6 Nov 2023

Wordfence’s False Claim of Vulnerability in WordPress Plugin Everest Backup Leads to Serious Real Vulnerability

Recently the CEO of Wordfence, Mark Maunder, claimed that their data on vulnerabilities in WordPress plugins is “impeccable”. That is disputed by, among other things, Wordfence’s attempts to cover up mention of the problems with that very data. It’s unclear whether the CEO is unaware of what the employees of his company are doing or whether he is, as he often does, lying in a way that makes Wordfence sound like it is doing amazing things it isn’t doing. Whatever the case, another recent instance of their inaccuracy led to our finding a real vulnerability in the plugin Everest Backup.

We recently reviewed a claim by Wordfence from earlier this year of a vulnerability in the plugin, where what was claimed to be a vulnerability was still possible in the version that was supposed to fix it. We were reviewing that because one of our customers had started using the plugin. What we found was that the plugin actually is still rather insecure, but not in the way that Wordfence had claimed. Considering the potential security risk posed by backup plugins, you would hope they are thoroughly checked for security issues, but this plugin clearly hasn’t been. [Read more]

28 Jan 2019

Arbitrary File Deletion Vulnerability in Ad Manager by WD

When it comes to collecting data on WordPress plugin vulnerabilities, one of the things that sets us apart is that we check over reports before adding them to our data set. Doing that is valuable enough that the company behind the Wordfence Security plugin lies and claims the data they use has been “confirmed/validated” when it hasn’t (that is far from the only thing they lie about). Checking reports often leads to us finding that reports of claimed vulnerabilities are false or that vulnerabilities claimed to have been fixed haven’t been (incorrectly telling people that vulnerabilities have been fixed severely limits the usefulness of other data sources). Today it led to us finding a vulnerability in the plugin Ad Manager by WD.

Someone going by the handle 41!kh4224rDz disclosed that the current version of the plugin has an arbitrary file viewing vulnerability. When we tested that out, we found that after trying the proof of concept, which allowed viewing the contents of the WordPress configuration file, wp-config.php, the WordPress setup screen would show when trying to access any page of the website. That indicated that the WordPress configuration file wasn’t there anymore. It turns out that is because, right after the last line of code that causes the arbitrary file viewing vulnerability, the same file being viewed is passed to the unlink() function, which deletes it: [Read more]

11 Dec 2018

Vulnerability Details: Arbitrary File Deletion in Woocommerce Pay.nl Payment Methods

In a nasty reminder of why it is a good idea for plugin developers to include only the files they need from third-party libraries, our proactive monitoring of changes being made to WordPress plugins, which tries to catch serious vulnerabilities when they are introduced into plugins, spotted a possible security issue in code being removed from the plugin Woocommerce Pay.nl Payment Methods. What we found was that for 22 months the plugin had several serious security issues due to a test file from the library PHP Curl Class, one of them being the ability to delete arbitrary files on the website. We are in the process of contacting the developer of the library about this.

[Read more]

16 Apr 2018

Vulnerability Details: Arbitrary File Deletion Vulnerability in WP Pipes

From time to time a vulnerability in a plugin is disclosed without the discoverer putting out a complete report on it. In those cases we put out a post detailing the vulnerability so that we can provide our customers with more complete information on it.

[Read more]

13 Apr 2018

Vulnerability Details: Arbitrary File Deletion Vulnerability in Google Drive for WordPress (wp-google-drive)

From time to time a vulnerability in a plugin is disclosed without the discoverer putting out a complete report on it. In those cases we put out a post detailing the vulnerability so that we can provide our customers with more complete information on it.

One of the problems we find with reports of claimed vulnerabilities in WordPress plugins is that in some instances reports of real vulnerabilities provide information that is incomplete or inaccurate. Both of those came up with what turns out to be a report by Lenon Leite of an arbitrary file deletion vulnerability in the plugin Google Drive for WordPress (wp-google-drive). For a reason we don’t quite understand, it was labeled as a remote code execution (RCE) vulnerability in the report. [Read more]

6 Apr 2017

Vulnerability Details: Arbitrary File Deletion Vulnerability in Secure Image Protection

From time to time vulnerabilities are fixed in a plugin without anyone putting out a report on the vulnerability, and we will put out a post detailing it. While putting out the details of a vulnerability increases the chances of it being exploited, it can also help to identify vulnerabilities that haven’t been fully fixed (in some cases not fixed at all) and help to identify additional vulnerabilities in the plugin.

[Read more]