This post is a quick note from the foreman down at the FeedBurner ironworks and custom tools depot. If you’re a new or longtime user of FeedBurner FeedSmith — our plugin for WordPress that helps ensure you count all of your blog’s feed traffic through FeedBurner — there is a recommended security-related update to this plugin for you to download. Here are the details:
Potential security vulnerability
Some WordPress plugins that accept user-entered values, such as older versions of FeedSmith, can be vulnerable to what is called a “cross-site request forgery.” Without getting overly technical, this permits someone to change WordPress plugin settings on your system, without you noticing, while you are signed in to your WordPress control panel. And no one wants that.
How to protect your feed
Protect your feed by downloading FeedSmith v2.3, which is available now. This newest release ensures that the only person who may change FeedSmith settings is the administrative account that is signed into your WordPress control panel. If you are following our WordPress QuickStart guide to get started with FeedBurner, the link to download FeedSmith provided in that QuickStart has already been updated to point to v2.3. To verify the version of the plugin you have, you can visit the “Plugins” tab within the WordPress control panel and look for FeedSmith’s entry; the version number is displayed in that entry.
If you currently use FeedSmith on your WordPress-powered site, follow these instructions to update this plugin.
- Download version 2.3 of the plugin.
- Sign in to your WordPress admin control panel.
- Under Plugins, locate the current FeedSmith plugin, and click “Deactivate.”
- Copy the plugin file, FeedBurner_FeedSmith_Plugin.php, into your default WordPress plugin directory, wp-content/plugins/.
- Reactivate the plugin by logging in to your WordPress administration area, clicking Plugins, then clicking Activate at the end of the “FeedBurner FeedSmith” row.
At the end of this process, v2.3 will be active and will use your existing feed redirection settings; there is no need to re-enter them. You will also be protected against any potential request forgery attack.
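One common way a WordPress plugin enforces this kind of protection, shown as an added example (not FeedSmith's source, which this post does not include): the settings handler requires an administrator capability and a nonce issued with the form before it saves anything. The plugin, option, action and field names are hypothetical placeholders.

```php
<?php
/*
Plugin Name: Example Feed Redirect (constructed example)
*/

// Hypothetical names used only for this illustration.
const EXAMPLE_OPTION       = 'example_feed_redirect_url';
const EXAMPLE_NONCE_ACTION = 'example_feed_save_settings';

add_action('admin_menu', function () {
    add_options_page('Example Feed Redirect', 'Example Feed Redirect',
        'manage_options', 'example-feed-redirect', 'example_feed_settings_page');
});

function example_feed_settings_page() {
    // 1. Authorization: only an administrator may view or change the setting.
    if (!current_user_can('manage_options')) {
        wp_die('You are not allowed to change these settings.');
    }

    if ($_SERVER['REQUEST_METHOD'] === 'POST') {
        // 2. Request origin: the POST must carry the nonce that this page
        //    embedded in its own form. A request forged from another site
        //    rides on the admin's cookies but cannot supply this value, so
        //    check_admin_referer() halts it before any option is written.
        check_admin_referer(EXAMPLE_NONCE_ACTION);

        // 3. Input handling: store only a sanitized URL.
        $url = isset($_POST['feed_url'])
            ? esc_url_raw(wp_unslash($_POST['feed_url']))
            : '';
        update_option(EXAMPLE_OPTION, $url);
        echo '<div class="updated"><p>Settings saved.</p></div>';
    }

    $current = get_option(EXAMPLE_OPTION, '');
    ?>
    <div class="wrap">
      <form method="post">
        <?php wp_nonce_field(EXAMPLE_NONCE_ACTION); // hidden _wpnonce field ?>
        <input type="text" name="feed_url" size="60"
               value="<?php echo esc_attr($current); ?>" />
        <input type="submit" class="button-primary" value="Save" />
      </form>
    </div>
    <?php
}
```

A handler that performs only the cookie-based login check and skips step 2 is the pattern that leaves settings open to request forgery.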
We’d like to thank Blog Security for their recent writeup of this potential exploit. Software is fun!
Original post by WP-AutoBlog Import