12 Jan 2024

Did ChatGPT Write This Extremely Vulnerable Code Added to the Chatbot ChatGPT for WordPress Plugin?

A lot has been made about the possible security risk with code created by ChatGPT, whether in WordPress plugins or otherwise. A more pedestrian risk is that WordPress plugins that interact with ChatGPT are themselves insecure, whether written by ChatGPT or not. Yet again, we have found one of those adding vulnerable code that hackers would exploit.

One way we help to improve the security of WordPress plugins, not just for customers of our service, but for everyone using them, is our proactive monitoring of changes made to plugins in the Plugin Directory to try to catch serious vulnerabilities. Through that, we caught such a vulnerability being added to Chatbot ChatGPT. The vulnerability is an arbitrary file upload vulnerability, which, as the name suggests, allows an attacker to upload arbitrary files to the website. An attacker could upload a .php file with malicious code and take over the website. [Read more]

8 Jan 2024

WordPress Hasn’t Provided Fix for Severe Vulnerability Being Exploited in the Frontend Admin Plugin

According to WordPress’ security page, their security team can provide fixes for severe vulnerabilities in WordPress plugins. When they would do that is almost entirely opaque, as they say “if the vulnerability is severe, the plugin/theme is pulled from the public directory, and in some cases, fixed and updated directly by the Security Team.” We keep running into situations where that isn’t happening, when it should. The latest incident involves an arbitrary file upload vulnerability in the plugin Frontend Admin that was publicly, but vaguely, claimed to have existed on December 27. It took until January 4 for the plugin to be closed on the WordPress Plugin Directory. No update has been provided, despite the ease of providing a fix, as we will show. We have offered for years to provide fixes to WordPress in situations like this, without them taking up the offer.

Despite the already public claim that it contained a serious vulnerability, WordPress isn’t warning that the plugin is vulnerable, instead only saying on the listing for the plugin that “This closure is temporary, pending a full review.”: [Read more]

7 Aug 2023

Code That Leads to Arbitrary File Upload Vulnerability in StellarWP’s Kadence Blocks Has Been There for 5 Months

A couple of weeks ago, we noted how Wordfence had claimed that a lack of newly introduced vulnerabilities being detected in WordPress plugins was proof that the security of plugins was improving, but it could actually be that detection of newly introduced vulnerabilities isn’t very good. A serious vulnerability that recently became functional in the 300,000+ install plugin Kadence Blocks is further evidence of poor detection of newly introduced vulnerabilities.

The developer of that plugin, StellarWP, has had a terrible security track record despite developing one of the most popular security plugins. That includes failing to fix a vulnerability that their security plugin was warning about and failing to implement basic security in another plugin, leading to a zero-day. That makes the issue with Kadence Blocks not all that surprising. [Read more]

9 Mar 2023

Arbitrary File Upload Vulnerability in Propeller Ecommerce

One way we help to improve the security of WordPress plugins, not just for customers of our service, but for everyone using them, is our proactive monitoring of changes made to plugins in the Plugin Directory to try to catch serious vulnerabilities. Through that, we caught one of those vulnerabilities, an arbitrary file upload vulnerability in a brand new WordPress plugin, Propeller Ecommerce. That type of vulnerability would allow a hacker, among other things, to run arbitrary code on the website.

We now are also running all the plugins used by our customers through that same monitoring system on a weekly basis to provide additional protection for them. [Read more]

16 Nov 2022

Arbitrary File Upload Vulnerability in HTML WP

One way we help to improve the security of WordPress plugins, not just for customers of our service, but for everyone using them, is our proactive monitoring of changes made to plugins in the Plugin Directory to try to catch serious vulnerabilities. Through that, we caught one of those vulnerabilities, an arbitrary file upload vulnerability in a brand new plugin, HTML WP.

We now are also running all the plugins used by our customers through the same system used for the proactive monitoring on a weekly basis to provide additional protection for them. [Read more]

5 Oct 2022

Our Proactive Monitoring Caught an Arbitrary File Upload Vulnerability in Create Block Theme

One way we help to improve the security of WordPress plugins, not just for customers of our service, but for everyone using them, is our proactive monitoring of changes made to plugins in the Plugin Directory to try to catch serious vulnerabilities. Through that, we caught one of those vulnerabilities, an arbitrary file upload vulnerability being added to the plugin Create Block Theme.

We now are also running all the plugins used by our customers through that same monitoring system on a weekly basis to provide additional protection for them. [Read more]

15 Apr 2022

Brand New WordPress File Manager Plugin Allows Anyone to View and Upload Arbitrary Files

Before new plugins are allowed into WordPress’ plugin directory, they are claimed to go through a manual review:

After your plugin is manually reviewed, it will either be approved or you will be emailed and asked to provide more information and/or make corrections. [Read more]

6 Dec 2021

Our Proactive Monitoring Caught an Arbitrary File Upload Vulnerability Being Introduced into WP Image Refresh

One way we help to improve the security of WordPress plugins, not just for customers of our service, but for everyone using them, is our proactive monitoring of changes made to plugins in the Plugin Directory to try to catch serious vulnerabilities. Through that, we caught one of those vulnerabilities, an arbitrary file upload vulnerability, being introduced into the plugin WP Image Refresh.

There appear to be other security issues in the plugin. [Read more]

6 Oct 2021

Our Proactive Monitoring Caught an Arbitrary File Upload Vulnerability in WP-Property

One way we help to improve the security of WordPress plugins, not just for customers of our service, but for everyone using them, is our proactive monitoring of changes made to plugins in the Plugin Directory to try to catch serious vulnerabilities. Through that, we caught one of those vulnerabilities, an arbitrary file upload vulnerability, in the plugin WP-Property.

The possibility of this vulnerability is also flagged by our Plugin Security Checker, so you can check plugins you use to see if they might have similar issues with that tool. [Read more]

17 Sep 2021

WordPress Plugin Directory Team Again Allows Incredibly Insecure Plugin into Directory Despite Doing “Security Review”

Last week we noted that despite every new WordPress plugin added to the WordPress Plugin Directory supposedly having gone through a manual review first, including a security review, plugins that should never be approved are being approved. A possible explanation for that is that there is a fabulist running the team handling the directory, Mika Epstein, who is claiming to do reviews they are not doing. Fairly prominently on the WordPress website, they claim to have reviewed 46,800 plugins, despite it being hard to believe that is possible for a part-time volunteer:

[Read more]