Quick Online Tips

FeedBurner FeedSmith Security Update: WP 2.3 Fails to Notify

October 11th, 2007

The FeedBurner FeedSmith plugin detects your original WordPress feeds and redirects them to your FeedBurner feed so you can track every possible subscriber. FeedBurner reports that the plugin has a security issue and that you need to upgrade it fast. However, my WordPress 2.3, powered with the new "plugin update available" feature, failed to notify me…

FeedBurner reports on the potential security vulnerability:

“Older versions of FeedSmith, can be vulnerable to what is called a “cross-site request forgery.” Without getting overly technical, this permits someone to change WordPress plugin settings on your system without you noticing during the time you are signed into your WordPress control panel. And no one wants that.”

After reports of "Hijacking feeds with Feedburner Vulnerability", the new FeedSmith release, v2.3, ensures that the only person who may change FeedSmith settings is the administrative account that is signed into your WordPress control panel. Get the latest v2.3 of the FeedBurner FeedSmith plugin today.
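As an added illustration (not FeedSmith's code and not part of the original post, which does not say how v2.3 implements its check), this is how a WordPress plugin settings page is commonly protected against cross-site request forgery: a capability check plus a per-user nonce on the form. The plugin, option and field names prefixed `example_` are hypothetical.

```php
<?php
// Added example: hypothetical plugin, option and field names (example_*).
// Uses WordPress core functions only; runs inside a WordPress install.

add_action('admin_menu', 'example_feed_add_page');
function example_feed_add_page() {
    // Register the page so only users with manage_options can reach it.
    add_options_page('Example Feed', 'Example Feed', 'manage_options',
                     'example-feed', 'example_feed_settings_page');
}

function example_feed_settings_page() {
    // Authorisation: re-check the capability before doing anything.
    if (!current_user_can('manage_options')) {
        wp_die('You do not have permission to change these settings.');
    }

    // State changes happen on POST only, never on a plain page load.
    if ($_SERVER['REQUEST_METHOD'] === 'POST') {
        // CSRF defence: stops the request unless it carries a valid nonce
        // for this action and this signed-in user. A form submitted from
        // another site in the admin's browser cannot supply that value.
        check_admin_referer('example_feed_save', 'example_feed_nonce');

        $url = isset($_POST['example_feed_url'])
            ? esc_url_raw(wp_unslash($_POST['example_feed_url']))
            : '';
        update_option('example_feed_url', $url);
        echo '<div class="updated"><p>Settings saved.</p></div>';
    }

    $current = get_option('example_feed_url', '');
    ?>
    <div class="wrap">
      <h2>Example Feed</h2>
      <form method="post">
        <?php // Emits the hidden nonce field checked above. ?>
        <?php wp_nonce_field('example_feed_save', 'example_feed_nonce'); ?>
        <input type="text" name="example_feed_url" size="60"
               value="<?php echo esc_attr($current); ?>" />
        <input type="submit" class="button-primary" value="Save" />
      </form>
    </div>
    <?php
}
```

A settings handler that calls `update_option()` without the `check_admin_referer()` step relies on the admin's session cookie alone, which is the condition the FeedBurner notice describes.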

What was surprising is that the new WordPress 2.3, which has an amazing new built-in feature that notifies you about the latest plugin releases, failed to notify me about the upgrade. (I have included the green border of the plugins above and below to show that there is no upgrade notice on this plugin.)

[Screenshot: Feedburner Feedsmith Plugin]

I am not sure how WordPress sources the upgrade data, but FeedBurner needs to fix the notification issue with WordPress. This shows that the new WordPress update feature is not foolproof yet, and that newer versions will be better able to inform you of upgrades (of course, you can always disable plugin update checking). I am prompted again to check plugin author websites, just in case a new update is available…

Update: WordPress notifies you that a new plugin version is available only when the upgraded plugin is uploaded to WordPress Extend. So it is a good idea for all plugin developers to upload their plugins to WP Extend, so that automatic notifications reach all bloggers using these plugins and blog security is not compromised.




3 Responses to “FeedBurner FeedSmith Security Update: WP 2.3 Fails to Notify”

  1. Manas says:

    WordPress notifies you that a new plugin is available only when an upgraded plugin is uploaded to WordPress Extend.

    In this case, the plugin might not have been uploaded to the WordPress plugin site.

  2. Thanks Manas. So it is important that WordPress plugin developers get their plugins listed on WordPress Extend. I checked: FeedSmith is not listed.

  3. Manas says:

    Yeah, the plugin developers need to do that… so that we are notified of updated plugins by WordPress.
