Comments on: Serious email spam issue for Irish Wordpress blogs.

By: MarketBoy

MarketBoy — Fri, 16 Jan 2009 14:44:04 +0000

Guys if you want your blogs to be secure and if you do not want to spend a lot of money…visit my website… wppadlock.com it is only 12.00$ but i am willing to cut the price down even more…any questions email me at wppadlockpro [at] gmail.com

- MarketBoy

By: Cuplaweb » WordPress: Are your user’s email addresses secure?

Cuplaweb » WordPress: Are your user’s email addresses secure? — Thu, 21 Aug 2008 05:16:41 +0000

[...] Jason Roe has pointed out a potential security issue for Wordpress which I picked up on via boards.ie. [...]

By: Niall Devitt

Niall Devitt — Mon, 12 May 2008 10:05:11 +0000

Thanks for the advice and well done on making the discovery

By: Jason Roe

Jason Roe — Thu, 18 Jan 2007 22:47:15 +0000

I made some revisions to the post to clear up what I was trying to say. I agree with matt, there was a bit more to this than some of the newer exploits. People on older versions should always upgrade (in an ideal world).

By: Jason Roe

Jason Roe — Wed, 17 Jan 2007 08:29:59 +0000

Hi Matt, Thanks for popping by. This comment was based on my adventures inside my own blogs, so as you said it may not be the case for everyone.

However, while looking at this issue on other blogs I noted that I could view 900 odd users.. These users closely related to comments posted. As far as I was aware, there was no real reason for the sites to have this enabled in the first place. The other strange thing is that there was no link for the users to register without manually entering a url. So how did these guys get accounts?

I will test it again on another blog of mine with a standard 2.0.5 pre-patched install.

By: Matt

Matt — Wed, 17 Jan 2007 01:02:17 +0000

“Your blog meta data includes all of the e-mail address of every user & also ever person who has commented on your blog.”

This sentence is incorrect. I’m not registering on your blog to make this comment, therefore I don’t have a user ID. If you had registration open on your blog, an option which is off by default, and if I registered on your blog with a legitimate email address and went through the activation process, and if you were running a version older than 2.0.5, which was released about 3 months ago.

I totally agree that people on older versions should upgrade, or at the very least turn off the “anyone can register” option.

By: Our Family Blog » Blog Archive » TUE LINKS 1/16/2007Uworld

Our Family Blog » Blog Archive » TUE LINKS 1/16/2007Uworld — Tue, 16 Jan 2007 22:57:57 +0000

[...] Huge Wordpress Security Issue [...]

By: The day after tomorrow for SEO wordpress blogs! - Jason Roe Technology. Jason Roe - Web design, Development, SEO Advice

Tue, 16 Jan 2007 10:20:10 +0000

[...] I guess this might be understandable just after I only highlighting an issue with wordpress last week! However, this was more of a heads up than a Tutorial how to exploit the issue. People keep putting 2 + 2 together and making 5 [...]

By: Jason Roe

Jason Roe — Tue, 16 Jan 2007 01:42:46 +0000

I just found a bug while doing research on security. It had been fixed by the time I made the post.

By: Mike Dammann

Mike Dammann — Tue, 16 Jan 2007 01:34:48 +0000

Is this when you realized how easy it was to hack wordpress blogs?

By: Stuntdubl Marketing Consulting hacked - SEOs a target - Jason Roe Web Development. Jason Roe - Web design, Development, SEO Advice

Mon, 15 Jan 2007 22:49:25 +0000

[...] Quick fix is to disable trackback until the patch is issued by wordpress. This is kinda similar to my other post about wordpress security. See pick below: [...]

By: Cupla Web: Smart Website Development

Cupla Web: Smart Website Development — Mon, 08 Jan 2007 17:21:11 +0000

WordPress: Are your user’s email addresses secure?…

Jason Roe has pointed out a potential security issue for Wordpress which I picked up on via boards.ie.
The issue can allow someone to scrape email addresses and other contact details from a wordpress site that allows user registration on it.
In the gra…

By: Minor Wordpress vulnerability confirmed - amd on software - stuff for nerds, news that matters

Sat, 06 Jan 2007 18:19:28 +0000

[...] Minor Wordpress vulnerability confirmed Thanks to Jason for the heads-up – it seems that my Wordpress 2.0 blogs are vulnerable to the exploit listed in Wordpress issue #3142, but the effect is relatively minor. Every logged in user can spy out the metadata of all other users by typing in the URL /wp-admin/user-edit.php?user_id=XXX irrespective if he has the right to do this or not. If not in fact there will be shown the error message “You do not have permission to edit this user.” but after that message the complete form with all data will also be shown. [...]

By: KAL Case

KAL Case — Sat, 06 Jan 2007 17:55:14 +0000

Oh dear – I’ve just found out about this via Damien Mulley’s blog. We get a fair few of spammy comments on our blog, so this could be an issue for us.

I’m a complete non-techy person, however – is there a way to explain the fix for this in layman’s terms for a computer-illiterate like myself?

Many thanks!

By: Wordpress Security Problem - Irish SEO, Marketing & Webmaster Discussion

Wordpress Security Problem - Irish SEO, Marketing & Webmaster Discussion — Sat, 06 Jan 2007 14:35:09 +0000

[...] Wordpress Security Problem Serious email spam issue for Irish Wordpress blogs. – Business. Jason Roe – Web design, Development, SEO Advice __________________ Armchair.ie | work|Blog Tips|Seo tips|EU Domain ScandalTechie Toys| Gadgets Do you want your vbulletin site to be search engine friendly? Click here for info [...]

By: Wordpress Security Hole

Wordpress Security Hole — Sat, 06 Jan 2007 14:26:44 +0000

[...] Wordpress Security Hole Written on January 6th, 2007 by michele Jason spotted a very serious security issue in Wordpress that does’t seem to have been addressed properly even though it was reported back in September of last year. [...]

By: Damien Mulley » Blog Archive » Attention Irish Wordpress users - Security Exploit to watch out for

Sat, 06 Jan 2007 14:10:21 +0000

[...] Jason has blogged about a Wordpress security issue which allows people to get the emails of all posters and event people who leave comments. Disabling public registration seems to fix it but see Jason’s blog for more. blogs ireland irish irishblogs security wordpress [...]