28 Jan

Arbitrary File Deletion Vulnerability in Ad Manager by WD

When it comes to collecting data on WordPress plugin vulnerabilities one of the things that sets us apart is that we check over reports before adding them to our data set, doing that is valuable enough that the company behind the Wordfence Security plugin lies and claims the data they use has been “confirmed/validated” when it hasn’t (that is far from the only thing they lie about). Doing that often leads to us finding that reports of claimed vulnerabilities are false or that vulnerabilities that are claimed to have been fixed, haven’t been (incorrectly telling people that vulnerabilities have been fixed severely limits the usefulness of other data sources). Today it lead to us finding a vulnerability in the pluginĀ Ad Manager by WD.

[Read more]

11 Dec

Vulnerability Details: Arbitrary File Deletion in Woocommerce Pay.nl Payment Methods

This Vulnerability Details post about a vulnerability in the plugin Woocommerce Pay.nl Payment Methods provides the details of a vulnerability we ran across while collecting data on vulnerabliities discovered by others for our data set on vulnerabilities in WordPress plugins, so its contents are limited to customers of our service. If you are not currently a customer, you can sign up for free here. There are a lot of other reason that you will want to sign up beyond access to posts like this one, including that you would have already been warned about this vulnerability if your website was vulnerable due to it.

[Read more]

16 Apr

Vulnerability Details: Arbitrary File Deletion Vulnerability in WP Pipes

This Vulnerability Details post about a vulnerability in the plugin WP Pipes provides the details of a vulnerability we ran across while collecting data on vulnerabliities discovered by others for our data set on vulnerabilities in WordPress plugins, so its contents are limited to customers of our service. If you are not currently a customer, you can sign up for free here. There are a lot of other reason that you will want to sign up beyond access to posts like this one, including that you would have already been warned about this vulnerability if your website was vulnerable due to it.

[Read more]

13 Apr

Vulnerability Details: Arbitrary File Deletion Vulnerability in Google Drive for WordPress (wp-google-drive)

From time to time a vulnerability in a plugin is disclosed without the discoverer putting out a complete report on the vulnerability and we will put out a post detailing the vulnerability so that we can provide our customers with more complete information on the vulnerability.

[Read more]

06 Apr

Vulnerability Details: Arbitrary File Deletion Vulnerability in Secure Image Protection

This Vulnerability Details post about a vulnerability in the plugin Secure Image Protection provides the details of a vulnerability we ran across while collecting data on vulnerabliities discovered by others for our data set on vulnerabilities in WordPress plugins, so its contents are limited to customers of our service. If you are not currently a customer, you can sign up for free here. There are a lot of other reason that you will want to sign up beyond access to posts like this one, including that you would have already been warned about this vulnerability if your website was vulnerable due to it.

[Read more]