The WordPress plugin WordSpew creates a shoutbox on your WordPress blog. It uses AJAX, a technology that allows information to be transmitted to the server without the user refreshing the page. What makes this special is that your users can carry out live chats from your blog without having to refresh the page. It's kind of like instant messaging! An SQL injection vulnerability has been found in this plugin. Your blog can be vulnerable to SQL injection if you are using this plugin, until the developer who created it solves the problem and writes a fix for it.
Recently the Kaspersky, Bitdefender and Facebook websites were attacked via XSS and SQL injection, and their databases were exposed. Screenshots of the vulnerabilities and the database tables were posted on the internet.
Kaspersky is one of the leading companies in the security and antivirus market. Their website, which was hacked recently, is down right now (9 Feb 09, 6:42 pm) as I checked it. They are in maintenance mode. It seems as though they are not able to secure their own databases. The companies who claim to secure our computers are not secure themselves. It seems incredible but unfortunately, it's true. Through SQL injection some hackers were able to expose the users, activation codes, lists of bugs, admins, shop and many more tables of their database. This is just a security alert though. There is no loss to customers or the company, as I suppose, because the team involved is saying that their purpose is to alert the big companies about security measures. They have posted all the names of the tables in the database though. Now I suppose we will see the new secure Kaspersky website. I have used this antivirus myself for quite a long time, and then I shifted to another one.
Is your website secure? XSS (Cross Site Scripting) attacks provide hackers access to your website content and database. If web applications are not secure, then your entire database of sensitive information is at serious risk. Hackers are on the lookout for Cross Site Scripting (XSS) vulnerabilities in YOUR web applications. Shopping carts, forms, login pages and dynamic content are easy targets. Beat them to it and scan your web applications with Acunetix Web Vulnerability Scanner: