10 Apr

Vulnerability Details: Arbitrary File Upload in Zielke Specialized Catalog

This Vulnerability Details posts provides the details of a vulnerability we ran across while collecting data on vulnerabliities discovered by others for our data set on vulnerabilities in WordPress plugins, so its contents are limited to customers of our service.If you are not currently a customer, you can sign up for free here. There are a lot of other reason that you will want to sign up beyond access to posts like this one, including that you would have already been warned about this vulnerability if your website was vulnerable due to it.

[Read more]

05 Apr

Arbitrary File Upload Vulnerability in SupportCandy

When it comes to security of WordPress plugins, what other security companies generally do is to add protection against vulnerabilities after they have already been widely exploited, which it should be pretty obvious doesn’t produce good results. By comparison, we do proactive monitoring of changes made to plugins in the Plugin Directory to try to catch serious vulnerabilities, but we only have so much time to do that with the amount of customers we have, so we have a backlog of possible vulnerabilities that didn’t look like serious issues that we haven’t had time to get to. Sometimes, as is the case, with the plugin SupportCandy when the plugin comes up again with that proactive monitoring we realize that vulnerability was more serious, as the plugin contains an arbitrary file upload vulnerability, which is the kind that hackers are likely to exploit.

[Read more]

27 Mar

Our Proactive Monitoring Caught an Authenticated Arbitrary File Upload Vulnerability in Child Themes Helper

One of the ways we help to improve the security of WordPress plugins, not just for our customers, but for everyone using them, is the proactive monitoring of changes made to plugins in the Plugin Directory to try to catch serious vulnerabilities. Through that we caught an authenticated arbitrary file upload vulnerability in the plugin Child Themes Helper, which is also exploitable through cross-site request forgery (CSRF). That occurs in an AJAX accessible function and it looks like a number of other ones are also insecure and contain vulnerabilities, one of the more serious we will detail in a follow up post.

[Read more]

04 Jan

A Hacker Is Probably Already Exploiting This Arbitrary File Upload Vulnerability in a WordPress Plugin

In the last several days someone started making requests using Tor nodes for the file /wp-content/plugins/image-clipboard/readme.txt, which is a file from the WordPress plugin Clipboard Images. That would likely be a hacker probing for usage of the plugin, which has 800+ active installations according to wordpress.org, before exploiting a vulnerability in it. After we noticed that activity this morning we went to look over the code to see if we could find a vulnerability that hackers would be likely to exploit in it and it took only moments to find what in all likelihood is already being exploited.

[Read more]

03 Jan

Vulnerability Details: Arbitrary File Upload in JS Job Manager

This Vulnerability Details post about a vulnerability in the plugin JS Job Manager provides the details of a vulnerability we ran across while collecting data on vulnerabliities discovered by others for our data set on vulnerabilities in WordPress plugins, so its contents are limited to customers of our service. If you are not currently a customer, you can sign up for free here. There are a lot of other reason that you will want to sign up beyond access to posts like this one, including that you would have already been warned about this vulnerability if your website was vulnerable due to it.

[Read more]

03 Jan

Our Plugin Security Checker Can Now Spot More Possible Issues Leading to Arbitrary File Upload Vulnerabilities

As we have mentioned before, we recently improved our proactive monitoring of changes being made to WordPress plugins to try to catch serious vulnerabilities when they are introduced in to plugins, to build on code we had developed for our Plugin Security Checker, an automated tool you can use to check if plugins you use contain possible security issues. That in turn has allowed us to easily test out new checks for our Plugin Security Checker across a lot of code before introducing it to the public, which makes it easier to improve that tool while not causing unnecessary issues for people using the Plugin Security Checker. One of the checks we have been testing out has now spotted one of the most likely to be exploited types of vulnerabilities, an arbitrary file upload vulnerability, in the plugin Buddy Share It Allusers FB YR, which would allow a hacker to take control of website by adding a file with malicious code to it.

[Read more]

19 Dec

Our Proactive Monitoring Caught an Arbitrary File Upload Vulnerability Being Introduced In To a Plugin That Works With WooCommerce

One of the ways we help to improve the security of WordPress plugins, not just for our customers, but for everyone using them, is the proactive monitoring of changes made to plugins in the Plugin Directory to try to catch serious vulnerabilities. Through that we just caught one of the most likely to be exploited types of vulnerabilities being introduced in to a plugin. That being an arbitrary file upload vulnerability, which provides hackers with an easy way of gaining complete access to a website since they can upload a file with whatever malicious code they want and then cause that to run. The plugin itself, 3D Product configurator for WooCommerce, isn’t popular, with “Fewer than 10” installations according to wordpress.org, but in yet another reminder that those using WooCommerce need to be concerned about the security of any plugins they use with that, this is yet another WooCommerce tied plugin we have recently found a fairly serious security issue with.

[Read more]

08 Aug

Arbitrary File Upload Vulnerability Being Exploited in Current Version of Ultimate Member

The WordPress plugin Ultimate Member was recently brought on to our radar after it had been run through our Plugin Security Checker and that tool had identified a possible vulnerability in it. We happened to take a look into that as part of continued effort to improve the results coming from that tool. We confirmed that there was a vulnerability and notified the developer. The developer responded that they would fix that as soon as possible, but it has been nearly month and that hasn’t happened. In line with our disclosure policy we are scheduled to be disclosing that vulnerability on Friday. Thankfully that vulnerability isn’t something that is likely to be exploited in an untargeted hack, but there is another vulnerability that is presently being exploited in the current version, 2.0.21, of the plugin.

[Read more]

16 May

Our Proactive Monitoring Caught a Newly Introduced Arbitrary File Upload Vulnerability in a Plugin with 50,000+ Active Installations

One of the ways we help to improve the security of WordPress plugins, not just for our customers, but for everyone using them, is the proactive monitoring of changes made to plugins in the Plugin Directory to try to catch serious vulnerabilities. That again has lead to us catching a vulnerability in a fairly popular plugin, of a type that hackers are likely to exploit if they know about it. Since the check used to spot this is also included in our Plugin Security Checker (which  is now accessible through a WordPress plugin of its own), it is another of reminder of how that can help to indicate which plugins are in greater need of security review (for which we do as part of our service as well as separately).

[Read more]

05 Mar

Vulnerability Details: Arbitrary File Upload Vulnerability in Open Flash Chart Core

One of the things we do to make sure our customers have the best data on vulnerabilities in WordPress plugins is to monitor what look to be hacking attempts on our websites. Through that we recently came across a request for a file, /wp-content/plugins/open-flash-chart-core-wordpress-plugin/open-flash-chart-2/php-ofc-library/ofc_upload_image.php, which would be from the plugin Open Flash Chart Core.

[Read more]