Security Risk in TDO Mini Forms v0.12: Upgrade to v0.12.2 ASAP!
Update #1: It’s not my day. In my rush to get v0.12.1 out, I copied some broken code into SVN. Nothing critical, it just prevents TDOMF from running at all. v0.12.2 fixes this.
I’ve discovered a security risk in v0.12 of TDO Mini Forms if you use Custom Fields together with the “Append to Post” format option. It was introduced during the implementation of the Form Hacker. I’ve already prepared a fix (v0.12.2; the first attempt, v0.12.1, was broken, see the update above) and it is now on WordPress.org (although it may take a few minutes before you can download it).
I strongly advise anyone using v0.12 to upgrade as soon as possible. If you can’t upgrade right now, please consider downgrading to v0.11.1 or disabling the plugin until you can upgrade to v0.12.2.
I do not know whether anyone has been exploited through this hole; however, I would also recommend carefully checking the HTML of submissions made with v0.12 for any PHP tags that might have slipped into the post content or custom fields.
I apologise for this and hope no-one is inconvenienced by it.
June 19th, 2008 at 1:54 pm