
FeedBurner FeedSmith Security Update: WP 2.3 Fails to Notify


The FeedBurner FeedSmith plugin detects your original WordPress feeds and redirects them to your FeedBurner feed so you can track every possible subscriber. FeedBurner reports that the plugin has a security issue and that you need to upgrade it fast. However, my WordPress 2.3, with its new plugin-update notification feature, failed to notify me…

FeedBurner reports on the potential security vulnerability:

“Older versions of FeedSmith can be vulnerable to what is called a ‘cross-site request forgery.’ Without getting overly technical, this permits someone to change WordPress plugin settings on your system without you noticing during the time you are signed into your WordPress control panel. And no one wants that.”

After reports of feeds being hijacked through the FeedBurner vulnerability, the new release, v2.3, ensures that the only person who may change FeedSmith settings is the administrative account that is signed into your WordPress control panel. Get the latest v2.3 of the FeedBurner FeedSmith plugin today.
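
As an added illustration (not FeedSmith's actual code, and not from the original post), this is the general shape of a WordPress settings handler that resists cross-site request forgery, written against the current WordPress core API. The plugin name, the option name and every `example_` identifier are hypothetical.

```php
<?php
/*
Plugin Name: Example Feed Redirect (hypothetical, for illustration only)
*/

add_action('admin_menu', 'example_feed_add_menu');

function example_feed_add_menu() {
    // The 'manage_options' capability hides the page from non-administrators.
    add_options_page('Example Feed Redirect', 'Example Feed Redirect',
        'manage_options', 'example-feed-redirect', 'example_feed_settings_page');
}

function example_feed_settings_page() {
    // Check 1: authorization. Only an administrator may reach the handler.
    if (!current_user_can('manage_options')) {
        wp_die('You are not allowed to change these settings.');
    }

    if (isset($_POST['example_feed_url'])) {
        // Check 2: anti-CSRF. The request must carry the nonce that this
        // site issued in the form below. A form on another site, submitted
        // by the administrator's browser, cannot know that value, so
        // check_admin_referer() stops the request before anything is saved.
        check_admin_referer('example_feed_save', 'example_feed_nonce');

        // Store only a sanitized URL.
        $url = esc_url_raw(wp_unslash($_POST['example_feed_url']));
        update_option('example_feed_url', $url);
        echo '<div class="updated"><p>Settings saved.</p></div>';
    }

    $current = get_option('example_feed_url', '');
    ?>
    <div class="wrap">
      <h2>Example Feed Redirect</h2>
      <form method="post" action="">
        <?php wp_nonce_field('example_feed_save', 'example_feed_nonce'); ?>
        <input type="text" name="example_feed_url" size="60"
               value="<?php echo esc_attr($current); ?>" />
        <input type="submit" class="button-primary" value="Save" />
      </form>
    </div>
    <?php
}
```

Without the nonce check, the capability check alone would not help: a forged request rides on the administrator's own session cookie, so it passes as the administrator.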

What was surprising is that the new WordPress 2.3, which has an amazing new built-in feature that notifies you about the latest plugin releases, failed to notify me about the upgrade. (I have included the green border of the plugins above and below to show no upgrade notice on this plugin.)

[Image: FeedBurner FeedSmith plugin]

I am not sure how WordPress sources the upgrade data, but FeedBurner needs to fix the notification issue with WordPress. That shows that this new WordPress update feature is not foolproof yet, and newer versions will be better able to inform you of upgrades (of course, you can always disable plugin update checking). I am prompted again to check plugin authors' websites, just in case a new update is available…

Update: WordPress notifies you that a new plugin version is available only when the upgraded plugin is uploaded to WordPress Extend. So it is a good idea for all plugin developers to upload their plugins to WP Extend, so that automatic notifications reach all bloggers using these plugins and blog security is not compromised.
