Kumpulan Plugins WP yang Memiliki Bugs

ngapain liat liat

Spoiler

Metode XSS

• WordPress DX-Contribute Plugin 1.1.0 – XSS
• Post-views plugin 2.6.1. – XSS
• WP e-Commerce 1.1.1 – XSS
• WordPress WooCommerce Predictive Search Plugin 1.0.6. – XSS
• Video Lead Form 0.5 – XSS
• Pretty Link Lite Plugin 1.6.0 – XSS
• WP125 plugin 1.4.5. XSS
• Ultimate TinyMCE plugin 3.6. – XSS
• Wysija Newsletters Plugin 2.1.7. – XSS
• WordPress Carousel Slideshow 3.10 – XSS
• BuddyStream plugin 2.6.2 – XSS
• NextGEN Gallery 1.9.7 – XSS
• Amazon Associate plugin 2.0 – XSS

SQL Injection

• Hitasoft FLV Player Plugin 1.1 SQL Injection
• AJAX Post Search Plugin 1.1 – SQL Injection

Lainnya

• Advanced Custom Fields Plugin 3.5.2. – Arbitrary file inclusion
• vTiger CRM Lead Capture 1.1.0. – unspecified errors
• WP-Filebase Plugin 0.2.9.24. – unspecified errors

============================================

Berikut Daftar Lengkap WordPress Plugin Yang Memiliki Celah Keamanan 2012:

• Welcart e-Commerce December 14, 2012
• Knews Multilingual Newsletters December 14, 2012
• Bulk update many plugins added December 7, 2012
• All Video Gallery November 2, 2012
• WordPress Spider Catalog November 2, 2012
• Slideshow ( jquery image gallery) Plugin November 2, 2012
• FoxyPress Plugin November 2, 2012
• GRAND FlAGallery Plugin October 28, 2012
• FireStorm Professional Real Estate October 28, 2012
• WordPress Poll Plugin October 28, 2012
• Thank You Counter October 28, 2012
• UnGallery plugin October 28, 2012
• Zingiri Bookings plugin October 28, 2012
• WordPress Wordfence Plugin October 23, 2012
• WordPress White Label CMS October 22, 2012
• Download Shortcode Plugin October 22, 2012
• Pinterest “Pin It” Button Lite October 6, 2012
• Spider Calendar October 6, 2012
• ABC Test September 27, 2012
• Token Manager plugin September 27, 2012
• Sexy Add Template September 27, 2012
• Notices Ticker September 27, 2012
• WP-TopBar September 21, 2012
• MF Gig Calendar September 21, 2012
• Answer-my-question September 21, 2012
• Cloudsafe365 August 29, 2012
• Image news slider August 29, 2012
• Count Per Day plugin August 29, 2012
• Zingiri Web Shop August 22, 2012
• Mz-jajak August 15, 2012
• Postie August 13, 2012
• Vitamin Plugin August 9, 2012
• G-Lock Double Opt-in August 3, 2012
• GD Star Rating July 26, 2012
• Mac Photo Gallery plugin July 26, 2012
• Backup July 26, 2012
• Flexi Quote Rotator July 26, 2012
• Get Off Malicious Scripts July 26, 2012
• LeagueManager plugin July 18, 2012
• Resume Submissions & Job Postings July 18, 2012
• Paid Memberships Pro July 16, 2012
• Global Content Blocks July 16, 2012
• The Guardian News Feed plugin July 11, 2012
• WP Symposium July 11, 2012
• Leaflet Maps Marker July 11, 2012
• Artiss Code Embed July 11, 2012
• Front-end Editor July 11, 2012
• WP Socializer July 8, 2012
• PHPFreeChat plugin July 8, 2012
• Knews Multilingual Newsletters July 8, 2012
• Contus Vblog plugin July 8, 2012
• Custom tables plugin July 8, 2012
• Church_admin Plugin July 7, 2012
• MoodThingy plugin July 7, 2012
• Quick Post Widget July 7, 2012
• Email newsletter July 7, 2012
• Quotes Collection Plugin July 4, 2012
• Count Per Day plugin July 4, 2012
• Zingiri Web Shop July 4, 2012
• Job Manager June 29, 2012
• N-Media Mailchimp June 24, 2012
• TheCartPress plugin June 21, 2012
• Zingiri Web Shop June 17, 2012
• Kk Star Ratings June 17, 2012
• Easy Contact Forms Export June 17, 2012
• WpStoreCart June 17, 2012
• MAC PHOTO GALLERY June 17, 2012
• Top Quark Architecture June 17, 2012
• Tinymce Thumbnail Gallery June 17, 2012
• WP-Property June 9, 2012
• Front End Upload June 9, 2012
• FoxyPress June 9, 2012
• WordPress VideoWhisper Video Presentation June 9, 2012
• Omni Secure Files Plugin June 9, 2012
• HTML5 AV Manager Plugin June 9, 2012
• Google Maps Via Store Locator Plus June 9, 2012
• WordPress Font Uploader June 9, 2012
• MM Forms Community June 9, 2012
• ALO EasyMail Newsletter May 31, 2012
• WordPress WassUp Plugin May 21, 2012
• WP Easy Gallery Plugin May 17, 2012
• WP Easy Gallery Plugin May 17, 2012
• GRAND Flash Album May 17, 2012
• WordPress CataBlog Plugin May 17, 2012
• WordPress Dynamic Widgets Plugin May 17, 2012
• WordPress Network Publisher May 16, 2012
• WordPress WP Forum Server May 16, 2012
• Media Library Categories Plugin May 16, 2012
• PDF & Print Button Joliprint Plugin May 16, 2012
• CodeStyling Localization May 16, 2012
• 2 Click Social Media Buttons May 16, 2012
• WordPress Newsletter Manager Plugin May 16, 2012
• Mingle Forum May 16, 2012
• SoundCloud Is Gold May 16, 2012
• Subscribe2 May 16, 2012
• WP-FaceThumb May 15, 2012
• User Photo Plugin May 11, 2012
• Zingiri Web Shop May 3, 2012
• ShareYourCart Plugin April 27, 2012
• WordPress Sharebar Plugin April 23, 2012
• WP Survey And Quiz Tool April 23, 2012
• Zingiri Web Shop April 23, 2012
• WordPress Download Manager April 23, 2012
• Sh-slideshow April 14, 2012
• WP Marketplace Plugin April 11, 2012
• Nmedia Users File Uploader April 11, 2012
• Another WordPress Classifieds Plugin April 5, 2012
• BuddyPress April 5, 2012
• CMS Tree Page March 27, 2012
• WordPress Image News slider March 26, 2012
• Blaze Slideshow March 26, 2012
• WordPress Carousel Slideshow Plugin March 26, 2012
• Video Embed & Thumbnail Generator Plugin February 27, 2012
• Magn WP Drag and Drop Upload February 27, 2012
• SB Uploader February 27, 2012
• WordPress Absolute Privacy Plugin February 27, 2012
• S2Member Pro WordPress membership plugin February 27, 2012
• AllWebMenus WordPress Menu Plugin January 26, 2012
• Theme Tuner January 26, 2012
• WP e-Commerce January 26, 2012
• My Calendar Plugin January 26, 2012
• uCan Post plugin January 26, 2012
• NextGEN Gallery January 26, 2012
• Count Per Day Plugin January 16, 2012
• Pay With Tweet Plugin January 16, 2012
• Whois Search Plugin January 4, 2012
• TheCartPress Plugin January 4, 2012
• Connections January 2, 2012
• WP Symposium January 2, 2012

Daftar lengkap ada disini: _http://wpsecure.net/category/exploits

 

wah mastah beraksi hahaha
XSS kuwi opo??

 

banyak amir ...
Btw thanks bro sharing.a ...
Buat hati2 untuk masang plugin

 

answer :

Spoiler

XSS merupakan kependekan yang digunakan untuk istilah cross site scripting.
XSS merupakan salah satu jenis serangan injeksi code (code injection attack). XSS dilakukan oleh penyerang dengan cara memasukkan kode HTML atau client script code lainnya ke suatu situs. Serangan ini akan seolah-olah datang dari situs tersebut. Akibat serangan ini antara lain penyerang dapat mem-bypass keamanan di sisi klien, mendapatkan informasi sensitif, atau menyimpan aplikasi berbahaya.
Alasan kependekan yang digunakan XSS bukan CSS karena CSS sudah digunakan untuk cascade style sheet.
Tipe XSS

• Reflected atau nonpersistent
• Stored atau persistent

Reflected XSS

Reflected XSS merupakan tipe XSS yang paling umum dan yang paling mudah dilakukan oleh penyerang. Penyerang menggunakan social engineering agar tautan dengan kode berbahaya ini diklik oleh pengguna. Dengan cara ini penyerang bisa mendapatkan cookie pengguna yang bisa digunakan selanjutnya untuk membajak session pengguna.
Mekanisme pertahanan menghadapi serangan ini adalah dengan melakukan validasi input sebelum menampilkan data apapun yang di-generate oleh pengguna. Jangan percayai apapun data yang dikirim oleh pengguna.
Stored XSS

Stored XSS lebih jarang ditemui dan dampak serangannya lebih besar. Sebuah serangan stored XSS dapat berakibat pada seluruh pengguna. Stored XSS terjadi saat pengguna diizinkan untuk memasukkan data yang akan ditampilkan kembali. Contohnya adalah pada message board, buku tamu, dll. Penyerang memasukkan kode HTML atau client script code lainnya pada posting mereka.
Serangan ini lebih menakutkan. Mekanisme pertahanannya sama dengan reflected XSS: jika pengguna diizinkan untuk memasukkan data, lakukan validasi sebelum disimpan pada aplikasi.

 

ada livelink yg nyelip tuh mas..

buruan edit

 

thanks and done

 

Gak paham sama "kutu"

modal inul aj kl k depes dsb

 

ooo,







ga paham.. wkekekeke lagi nunggu boxing day po iki?
OOT: dinihari sing main sopo mbek sopo kang??

 

Sharingnya mantap mastah.... Untuk gak ada plugin yang ane pake... Thanks tas inpohnya...

 

WordPress Wordfence Plugin October 23, 2012 << ini plugin untuk srikiti lho.. skrg udah aman blm ya?

 

iya ki... MU menang -___-
dinihari Liverpool mbek Stoke but the reds kalah

jangan dulu bang

 

wp amazon associate plugin jg ad bug nya?? wah2

 

Thanks mastah untuk informasinya, sangat bermanfaat. Untung cuman pakai plugin askimet sama sitemap.

 

wahh banyak sekali itu,,
tapi nice info gan

 

untuk plugin yg saya pakai gk ada di list page one

 

Berbahaya tuh kalo dibiarin

 

omg,,,,banyak amat yak,,,ane cuma ngertinya blogcepot doang,, belajar wp dulu ah...

 

makasih
gan
imfomya
ane
akan
hati2