Posts

Security Holes in Two WordPress Plugins – WordPress Poll and Social Articles

There is a SQL injection vulnerability in WordPress Poll. Please upgrade to WordPress Poll version 35.0 immediately which was released a few days ago and fixes this security hole. We are currently seeing exploits for this vulnerability in the wild.

The Social Articles plugin appears to have an arbitrary file upload vulnerability in the current version which is 1.4. The vulnerability is in the upload-handler.php script included with the plugin. The exploit for this security hole is already in the wild. A fix has not been released yet so we recommend that you disable and delete the plugin until a fix is released.