03 Apr

Vulnerability Details: Authenticated SQL Injection in Related Posts

This Vulnerability Details post about a vulnerability in the plugin Related Posts provides the details of a vulnerability we ran across while collecting data on vulnerabilities discovered by others for our data set on vulnerabilities in WordPress plugins, so its contents are limited to customers of our service. If you are not currently a customer, you can sign up for free here. There are a lot of other reasons that you will want to sign up beyond access to posts like this one, including that you would have already been warned about this vulnerability if your website was vulnerable due to it.

[Read more]

03 Apr

PHP 7.1 Stops Some Improper Usage of wpdb::prepare() Function

Unlike any other data sources on vulnerabilities in WordPress plugins that we are aware of, we actually test out claimed vulnerabilities when adding them to our data set (though as Wordfence shows, people will lie about doing that sort of thing). That involves a fair amount of work, but it provides much better results, as other data sources will falsely claim that vulnerabilities that haven't been fixed have been fixed and include false reports of vulnerabilities. One issue that has been coming up more frequently in that testing recently has been dealing with results that vary with the test environment.

[Read more]

02 Apr

Vulnerability Details: Authenticated Persistent Cross-Site Scripting (XSS) in Ultimate Responsive Image Slider

This Vulnerability Details post about a vulnerability in the plugin Ultimate Responsive Image Slider provides the details of a vulnerability we ran across while collecting data on vulnerabilities discovered by others for our data set on vulnerabilities in WordPress plugins, so its contents are limited to customers of our service. If you are not currently a customer, you can sign up for free here. There are a lot of other reasons that you will want to sign up beyond access to posts like this one, including that you would have already been warned about this vulnerability if your website was vulnerable due to it.

[Read more]

01 Apr

Authenticated Settings Change Vulnerability That Leads to Persistent XSS in WP Google Maps

One of the things we do to keep track of vulnerabilities in WordPress plugins, so that we can provide our customers with the best data on vulnerabilities in the plugins they use, is to monitor the WordPress Support Forum for topics that might relate to them. Through that we came across an authenticated settings change vulnerability that can permit persistent cross-site scripting (XSS) in the plugin WP Google Maps, which, considering the plugin has 400,000+ installs, is something that would be of interest to hackers.

[Read more]

01 Apr

Vulnerability Details: Authenticated Persistent Cross-Site Scripting (XSS) in MaxGalleria

This Vulnerability Details post about a vulnerability in the plugin MaxGalleria provides the details of a vulnerability we ran across while collecting data on vulnerabilities discovered by others for our data set on vulnerabilities in WordPress plugins, so its contents are limited to customers of our service. If you are not currently a customer, you can sign up for free here. There are a lot of other reasons that you will want to sign up beyond access to posts like this one, including that you would have already been warned about this vulnerability if your website was vulnerable due to it.

[Read more]

01 Apr

Cross-Site Request Forgery (CSRF) Vulnerability in 404page

The plugin 404page was closed on the WordPress Plugin Directory on Saturday. As it is one of the 1,000 most popular plugins, our systems alerted us to its removal and we then checked things over to see if there was a security issue that might have led to it being removed. While no reason had been given for its removal, in a quick check we found a minor, but rather nasty, vulnerability that could allow an attacker to cause WordPress users to disable their own access to the website without intending to. We then used WPDirectory to see if other plugins might have similar code and found that a number of other plugins by the same developer do. After we did that, the vulnerability was fixed in 404page, and the fix was subsequently credited to Julio Potier, so it appears that was the cause of the closure, but the other plugins have not been fixed yet.

[Read more]

30 Mar

WordPress Plugin Team Paints Target on Exploitable Settings Change Vulnerability That Permits Persistent XSS in Related Posts

When we announced a protest of the continued inappropriate behavior of the WordPress Support Forum moderators, one of the changes we suggested to resolve that was:

[Read more]