18 May

Vulnerability Details: Remote Code Execution (RCE) Vulnerability in BibleGet I/O

This post provides the details of a vulnerability in a WordPress plugin not discovered by us, where the discoverer hadn't provided the details needed for us to confirm the vulnerability while we were adding it to the data set for our service, so its contents are limited to subscribers of our service.

If you are not currently a subscriber, you can try out the service to help protect your website for free and then you can view the contents of the post. There are a lot of other reason that you will want to sign up beyond access to posts with the details of vulnerabilities in plugins you use, including that you would have already been warned about this vulnerability if your website is vulnerable due to it.

For existing customers, please log in to your account to view the post.

One thought on “Vulnerability Details: Remote Code Execution (RCE) Vulnerability in BibleGet I/O

  1. the current code doesn’t have any restriction on who can access the functionality.

    That means it is still open to the “other XSS”: Cross-Site Styling. That’s not as serious as Cross-Site Scripting, since it is less well known, but it still can be exploited.

Leave a Reply

Your email address will not be published. Required fields are marked *