Our Proactive Monitoring Caught an Arbitrary File Upload Vulnerability Being Introduced Into a Plugin That Works With WooCommerce
One of the ways we help to improve the security of WordPress plugins, not just for our customers but for everyone using them, is by proactively monitoring changes made to plugins in the Plugin Directory to try to catch serious vulnerabilities. Through that we just caught one of the types of vulnerabilities most likely to be exploited being introduced into a plugin: an arbitrary file upload vulnerability, which provides hackers with an easy way of gaining complete access to a website, since they can upload a file containing whatever malicious code they want and then cause it to run. The plugin itself, 3D Product configurator for WooCommerce, isn’t popular, with “Fewer than 10” installations according to wordpress.org. But it is yet another WooCommerce-tied plugin in which we have recently found a fairly serious security issue, and another reminder that those using WooCommerce need to be concerned about the security of any plugins they use with it.
This vulnerability is yet another good reason to check the plugins you use through our Plugin Security Checker, since it can alert you if they possibly contain a similar issue (and possibly contain a lot of other serious vulnerabilities). From there, if you are a paying customer of our service, you can suggest/vote for the plugin to receive a security review that will check over that, or you can order the same type of review separately.