18 May

Vulnerability Details: Remote Code Execution (RCE) Vulnerability in BibleGet I/O

From time to time vulnerabilities are fixed in plugin without someone putting out a report on the vulnerability and we will put out a post detailing the vulnerability. While putting out the details of the vulnerability increases the chances of it being exploited, it also can help to identify vulnerabilities that haven’t been fully fixed (in some cases not fixed at all) and help to...
[The rest of this post is available for our customers, learn more below.]

Our Vulnerability Details posts provide the details of vulnerabilities we didn't discover and access to them is limited to customers of our service due to other security companies trying to sponge off the work needed to create those instead of doing their own work.

For existing customers, please log in to your account to view the rest of the post.

If you are not currently a customer, you can try the service for free for the first month (there are a lot of other reason that you will want to sign up beyond access to posts like this one).

If you are a WordPress plugin security researcher please contact us to get free access to all of our Vulnerability Details posts.

One thought on “Vulnerability Details: Remote Code Execution (RCE) Vulnerability in BibleGet I/O

  1. the current code doesn’t have any restriction on who can access the functionality.

    That means it is still open to the “other XSS”: Cross-Site Styling. That’s not as serious as Cross-Site Scripting, since it is less well known, but it still can be exploited.

Leave a Reply

Your email address will not be published. Required fields are marked *