
FeedBurner FeedSmith Security Update: WP 2.3 Fails to Notify

October 11th, 2007 | Filed under Blogging, Security, WordPress.

The FeedBurner FeedSmith plugin detects your original WordPress feeds and redirects them to your FeedBurner feed so you can track every possible subscriber. FeedBurner reports that the plugin has a security issue and that you need to upgrade it fast. However, my WordPress 2.3, with its new plugin update notification feature, failed to notify me…

FeedBurner reports on the potential security vulnerability:

“Older versions of FeedSmith, can be vulnerable to what is called a “cross-site request forgery.” Without getting overly technical, this permits someone to change WordPress plugin settings on your system without you noticing during the time you are signed into your WordPress control panel. And no one wants that.”

After reports of hijacking feeds with the FeedBurner vulnerability, the new release, v2.3, ensures that the only person who may change FeedSmith settings is the administrative account that is signed into your WordPress control panel. Get the latest v2.3 of the FeedBurner FeedSmith plugin today.
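The kind of check that closes a settings-page cross-site request forgery in a WordPress plugin, shown as an added example that is not FeedSmith's own code. The option name, nonce action and function names are hypothetical, and the calls are from the current WordPress API rather than the 2.3-era one.

```php
<?php
/* Plugin Name: Example Feed Redirect Settings (constructed example) */

// Hypothetical option name; not taken from the FeedSmith plugin.
define('EXAMPLE_FEED_OPTION', 'example_feed_redirect_url');

add_action('admin_menu', 'example_feed_add_page');
function example_feed_add_page() {
    add_options_page('Example Feed', 'Example Feed', 'manage_options',
                     'example-feed', 'example_feed_settings_page');
}

// "Before" pattern, kept for comparison and never called: the handler trusts
// any POST that arrives with the admin's session cookie, so it cannot tell a
// real form submission from a request triggered by another site.
function example_feed_save_unprotected() {
    if (isset($_POST['feed_url'])) {
        update_option(EXAMPLE_FEED_OPTION, $_POST['feed_url']);
    }
}

// "After" pattern: require the right capability and a valid nonce.
function example_feed_save_protected() {
    if (!isset($_POST['feed_url'])) {
        return; // Nothing submitted; just render the form.
    }
    if (!current_user_can('manage_options')) {
        wp_die('You are not allowed to change these settings.');
    }
    // Stops the request unless it carries the nonce that wp_nonce_field()
    // printed into this user's own copy of the form.
    check_admin_referer('example_feed_save');
    update_option(EXAMPLE_FEED_OPTION, esc_url_raw(wp_unslash($_POST['feed_url'])));
}

function example_feed_settings_page() {
    example_feed_save_protected();
    $url = get_option(EXAMPLE_FEED_OPTION);
    ?>
    <form method="post">
        <?php wp_nonce_field('example_feed_save'); ?>
        <input type="text" name="feed_url" value="<?php echo esc_attr($url); ?>" />
        <input type="submit" value="Save" />
    </form>
    <?php
}
```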

What was surprising is that the new WordPress 2.3, which has an amazing new built-in feature that notifies you about the latest plugin releases, failed to notify me about the upgrade. (I have included the green border of the plugins above and below to show no upgrade notice on this plugin.)

[Image: FeedBurner FeedSmith plugin]

I am not sure how WordPress sources the upgrade data, but FeedBurner needs to fix the notification issue with WordPress. That shows that this new WordPress update feature is not foolproof yet, and newer versions will be better able to inform you of upgrades (of course, you can always disable plugin update checking). I am prompted again to check plugin author websites, just in case a new update is available…

Update: WordPress notifies you that a new plugin is available only when an upgraded plugin is uploaded to WordPress Extend. So it is a good idea for all plugin developers to upload their plugins to WP Extend, so that automatic notifications reach all bloggers using these plugins and blog security is not compromised.


Comments

  • Manas | 11/10/07  #

    WordPress notifies you that a new plugin is available only when an upgraded plugin is uploaded to WordPress Extend.

    In this case, the plugin might not have been uploaded to the WordPress plugin site.

  • QuickOnlineTips | 11/10/07  #

    Thanks, Manas. So it is important that WordPress plugin developers get their plugins listed on WordPress Extend. I checked, and FeedSmith is not listed.

  • Manas | 12/10/07  #

    Yeah, the plugin developers need to do that… so that we are notified of updated plugins by WordPress.
