WordPress Angel Project


WordPress has become one of the most popular blogging packages on the Internet; this is largely due to its ease of use and its object-oriented design, which allows the user to easily extend its capabilities in the form of WordPress plugins.

Unfortunately, “ease of use” and “security” are too often like lemon and milk… the reality is that countless plugins and themes are vulnerable to the attacks discussed here.

Please note this page is no longer maintained, as it has been merged into BlogSecurity.net’s BlogWatch page. Please see the link for an updated list of WordPress vulnerabilities.

The WordPress Angel Project is a list of WordPress plugins and templates that we have reviewed and checked for common security vulnerabilities that may lead to attackers taking control over your blog.

WordPress Plugins

In many cases, the items listed in this article were found to have serious vulnerabilities (when reviewed), and so it is important for you to verify that you are running the latest version of the plugin. This can be checked from your plugins menu in your WordPress Admin panel (i.e. http://myblog/wp-admin/plugins.php).

| Last Check | Name | Homepage | Author | Latest Version |
|---|---|---|---|---|
| 14 May 2007 | Akismet | http://akismet.com/download/ | Matt Mullenweg | 2.0.2 |
| 20 May 2007 | Adsense Deluxe | www.acmetech.com/blog/adsense-deluxe/ | Acmetech | 0.8 - current version insecure (see Temp Fix) |

WordPress Themes

Many WordPress themes contain vulnerabilities within their code just as the plugins do. This table lists the themes we have tested.

Last Check Name Homepage Author Latest Version

If you would like a theme or plugin tested please let us know via the Contact form.

References to other work I have done to contribute to the WordPress Project:

[...] David Kierznowski of Operation n has discovered some serious flaws in the Adsense Deluxe plugin, affecting all versions (See: WordPress Angel Project). [...]

[...] Operation n has discovered some serious flaws in the WordPress Adsense Deluxe plugin as part of the WordPress Angel Project. The vulnerability(s) affect all [...]
