Recent Pligg v1.0.2 Security Vulnerabilities: What Are Others Saying?

Since the release of Pligg v1.0.2 it has become clear that there are once again some serious security vulnerabilities within the system. This isn’t the first time Pligg site owners and their registered users have succumbed to security exploits within the Pligg core. Rather than post our own article on this subject, we thought it would be nice to show our readers and Pligg what other bloggers are saying about these security vulnerabilities and about the Pligg developers’ approach to fixing them.

As you may or may not already be aware, Pligg v1.0.2 suffers from some security vulnerabilities, and has done so since its original release, as discovered by Russ McRee of Secunia. Pligg acknowledged these original vulnerabilities a few weeks ago, on 24th Nov to be exact, and put out a statement on Twitter revealing that it would take them around ten days to fix the vulnerabilities and release v1.03 to the community. This also coincided with Secunia not releasing exact details of the security holes until today, which is a great move for Pligg users and gives them a head start on any attacks.

“Shortly after the 1.0.2 release we were alerted to a vulnerability reported by Secunia and third party researcher Russ McRee,” the Pligg blog states.

So what are other bloggers saying on this latest Pligg security vulnerability topic?

Internetnews.com

Sean Michael Kerner from internetnews.com wrote a highly insightful article yesterday giving his opinion on the latest Pligg security scare.

As opposed to many other vendors/projects which typically release an update alongside security advisories, that’s not the case with the new Pligg 1.0.3 release. The full security advisory isn’t coming out until tomorrow (Dec 2) giving Pligg users (and there are a whole lot of them) a running head start on potential attacks.

Read the Entire Article: Open Source digg-clone Pligg plugs security holes

Pligg have now released v1.0.3 to patch some of these security holes, revealed by Secunia.

We realize every CMS has vulnerabilities found at some point, so Pligg is no different here; it’s just nice that Secunia gave Pligg a head start to fix them before going public. What’s your opinion on this subject? Is ten days too long to have your site vulnerable to hacks after the developers have been alerted to them, in case a savvy hacker figures out what the holes are? Let us know.


Article Details


Author: on December 2nd, 2009

Category: Pligg


  1. Blogger Den says:

    Damn this is really annoying, I wasn’t even aware of security holes in Pligg but I am glad I updated my system..

  2. Pligg was an easy prey of spammers and hope this update will stop their accessibility.

  3. maverick00010 says:

    Thanks for the update.

  4. Mathey says:

    I’ve just installed Pligg 1.0.3 on my new site yesterday and I already got 45 spam users and spam news. Any suggestions?

    One more thing, there’s no option to delete users??

  5. Adam says:

    If you’re going to use Pligg you have to know what you’re doing, because software has been developed to spam it that the admins of Pligg can’t figure out how to combat yet; they even considered buying out the software.

  6. indeks media says:

    Thanks for this article. I just knew this.