FeedSmith Plugin Security Update

Feedburner.com LogoThe FeedBurner Feedsmith plugin for WordPress which consolidates all of your WordPress RSS Feeds into one, has undergone a small security update. According to Feedburner, older versions of FeedSmith, can be vulnerable to what is called a “cross-site request forgery.” This permits someone to change WordPress plugin settings on your system without you noticing during the time you are signed into your WordPress control panel.

Feedburner recommends downloading the latest version of the plugin, FeedSmith V2.3 as this version ensures that the only person who can change FeedSmith settings is the administrative account that is signed into your WordPress account.

Here are the directions to update your plugin.

  1. Download version 2.3 of the plugin.
  2. Sign in to your WordPress admin control panel.
  3. Under Plugins, locate the current FeedSmith plugin, and click “Deactivate.”
  4. Copy the plugin file, FeedBurner_FeedSmith_Plugin.php into your default WordPress plugin directory, wp-content/plugins/
  5. Reactivate the plugin by logging in to your WordPress administration area, clicking Plugins, then clicking Activate at the end of the “FeedBurner FeedSmith” row.

At the end of this process, v2.3 will be active and will use your existing feed redirection settings; there is no need to re-enter them. You will also be protected against any potential request forgery attack.

2 thoughts on “FeedSmith Plugin Security Update

  1. I’d love to hear more about Feedburner. I signed up at one point, but was a little confused on what exactly it did so I never finished the setup process.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s