5 Aug 2021

Our Proactive Monitoring Caught an Arbitrary File Upload Vulnerability Being Introduced into a WordPress Plugin

One way we help to improve the security of WordPress plugins, not just for customers of our service, but for everyone using them, is our proactive monitoring of changes made to plugins in the Plugin Directory to try to catch serious vulnerabilities. Through that we caught one of the most serious types of vulnerability, if not the most serious, an arbitrary file upload vulnerability, being introduced into the plugin WP Agora.io (Agora Video for WordPress). We caught it before it was made generally available, as it exists in the beta of version 3.0.0 of the plugin.

The possibility of this vulnerability is also flagged by our Plugin Security Checker, so you can check plugins you use to see if they might have similar issues with that tool. [Read more]

18 Jun 2021

Our Proactive Monitoring Caught an Arbitrary File Upload Vulnerability in the WordPress Plugin Payment QR WooCommerce

One way we help to improve the security of WordPress plugins, not just for customers of our service, but for everyone using them, is our proactive monitoring of changes made to plugins in the Plugin Directory to try to catch serious vulnerabilities. Through that we caught one of the most serious types of issue, an arbitrary file upload vulnerability, in the plugin Payment QR WooCommerce. That is a type of vulnerability that hackers are highly likely to exploit.

The possibility of this vulnerability was also flagged by our Plugin Security Checker and while reviewing this vulnerability we added an additional check that flags some of the insecure code that is in play here, so you can check plugins you use to see if they might have similar issues with that tool. [Read more]

17 Jun 2021

Vulnerable WordPress Plugin Leads to Another Vulnerable WordPress Plugin

Earlier today we posted about a brand new WordPress plugin that has a security vulnerability that hackers would be likely to exploit. Part of the story there is that security reviews of new WordPress plugins are not happening or they are missing things they shouldn’t. Another piece of the story looks to be that the plugin is largely copied from another plugin and inherited the security vulnerability from that one.

While we were processing the vulnerability in that other plugin, we added a new check to our Plugin Security Checker tool to flag other instances of code as insecure as part of the code involved in that plugin's issue. While doing that, we checked to see if there might be other plugins in the WordPress Plugin Directory with similar code, using the search capability of the WP Directory. What we found was another plugin with a line of code nearly identical to the relevant line in the new plugin. Looking further at that second plugin, Wallet One Payment Gateway for WooCommerce, it became clear that the reason the code is nearly identical is that the new plugin uses large chunks of code that exist in that plugin. The new plugin might not have been copied directly from that plugin, as there could be additional plugins in the chain. [Read more]

17 Jun 2021

Our Proactive Monitoring Caught an Arbitrary File Upload Vulnerability in Another Brand New WordPress Plugin

One way we help to improve the security of WordPress plugins, not just for our customers, but for everyone using them, is the proactive monitoring of changes made to plugins in the Plugin Directory to try to catch serious vulnerabilities. That has led to us catching a vulnerability of a type that hackers are likely to exploit if they know about it.

This vulnerability is in a brand new plugin, WooCommerce Geidea Payment Gateway, and is something the review that is supposed to be done before new plugins are added to the Plugin Directory should have caught. It would have been flagged by our Plugin Security Checker, so it would make sense to run plugins through that tool during that security review to avoid this type of situation continuing to happen. That it continues to happen speaks to the continued lack of interest in improving security by the leadership of WordPress (starting at the top with Matt Mullenweg) and the continued role we play in limiting the impact of that for everyone else. We would be happy to provide the Plugin Directory team free access to all of that tool's capabilities and have repeatedly offered to do that, but we haven't been taken up on it. [Read more]

15 Jun 2021

Our Proactive Monitoring Caught an Arbitrary File Upload Vulnerability in a Brand New WordPress Plugin

One way we help to improve the security of WordPress plugins, not just for our customers, but for everyone using them, is the proactive monitoring of changes made to plugins in the Plugin Directory to try to catch serious vulnerabilities. That has led to us catching a vulnerability of a type that hackers are likely to exploit if they know about it.

This vulnerability is in a brand new plugin, Wireless Butler, and is something the review that is supposed to be done before new plugins are added to the Plugin Directory should have caught. It would have been flagged by our Plugin Security Checker, so it would make sense to run plugins through that tool during that security review to avoid this type of situation continuing to happen. That it continues to happen speaks to the continued lack of interest in improving security by the leadership of WordPress (starting at the top with Matt Mullenweg) and the continued role we play in limiting the impact of that for everyone else. We would be happy to provide the Plugin Directory team free access to all of that tool's capabilities and have repeatedly offered to do that, but we haven't been taken up on it. [Read more]

11 Sep 2019

What Security Review? Brand New WordPress Plugin Contains Arbitrary File Upload Vulnerability

Brand new WordPress plugins are supposed to go through a security review before being allowed in the Plugin Directory. Either those reviews are not happening or they are failing to catch things that should have been caught. Take the plugin Zedna Contact form, which we came across when our proactive monitoring of changes made to plugins in the Plugin Directory to try to catch serious vulnerabilities flagged that it contains an arbitrary file upload vulnerability, a type of vulnerability likely to be exploited.

We have long offered to help the team running the Plugin Directory to have a capability similar to that monitoring. Running the plugin through our Plugin Security Checker would have warned about that as well. We have also long offered the team running the Plugin Directory free access to the advanced mode of that tool. We haven't heard any interest from that team in either of those offers. [Read more]

1 Jul 2019

Vulnerability Details: Arbitrary File Upload in Insert or Embed Articulate Content into WordPress

One area where WordPress plugins need to be very careful when it comes to security is handling file uploads. The plugin Insert or Embed Articulate Content into WordPress hasn’t been doing that and it seems the developer doesn’t have the capability to handle that.


[Read more]
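As an added illustration of the pattern the entries on this page keep describing (this is constructed example code, not code from any plugin named here or from the Plugin Security Checker), the following shows a typical arbitrary file upload handler in a WordPress plugin beside a hardened version. The `afu_example_*` function and action names, the `afu_example_allow_uploads` option and the allowed types are assumptions for the illustration; the WordPress functions used (`wp_ajax_*` hooks, `check_ajax_referer`, `current_user_can`, `wp_handle_upload`, `wp_send_json_*`) are real.

```php
<?php
/**
 * Constructed example: an arbitrary file upload handler and a hardened
 * replacement. Names prefixed afu_example_ are hypothetical.
 */

// --- Vulnerable pattern -------------------------------------------------------
// Registering the nopriv hook exposes the handler to logged-out visitors.
add_action( 'wp_ajax_nopriv_afu_example_upload', 'afu_example_upload_vulnerable' );
add_action( 'wp_ajax_afu_example_upload', 'afu_example_upload_vulnerable' );

function afu_example_upload_vulnerable() {
    // No capability check, no nonce, no file type restriction. The uploads
    // directory is web-accessible, so a .php file lands where it can be
    // requested and executed. A "Allow file uploads" checkbox that only hides
    // the form field in the browser does nothing here: the handler never
    // consults the setting.
    $upload_dir = wp_upload_dir();
    $name       = basename( $_FILES['file']['name'] );
    move_uploaded_file( $_FILES['file']['tmp_name'], $upload_dir['basedir'] . '/' . $name );
    wp_send_json_success( array( 'url' => $upload_dir['baseurl'] . '/' . $name ) );
}

// --- Hardened pattern ---------------------------------------------------------
// Deliberately no wp_ajax_nopriv_ registration: unauthenticated requests never
// reach this function.
add_action( 'wp_ajax_afu_example_upload_safe', 'afu_example_upload_hardened' );

function afu_example_upload_hardened() {
    // 1. Enforce the plugin's own "uploads enabled" setting on the server;
    //    hiding a form control in the admin UI is not a security control.
    if ( ! get_option( 'afu_example_allow_uploads', false ) ) {
        wp_send_json_error( 'uploads disabled', 403 );
    }

    // 2. CSRF protection: the request must carry a nonce issued for this action.
    check_ajax_referer( 'afu_example_upload', 'nonce' );

    // 3. Authorization: only users already trusted to add files to the site.
    if ( ! current_user_can( 'upload_files' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }

    if ( empty( $_FILES['file'] ) || ! is_uploaded_file( $_FILES['file']['tmp_name'] ) ) {
        wp_send_json_error( 'no file', 400 );
    }

    // 4. Let WordPress validate the extension against an explicit allow-list,
    //    check the content type, and produce a unique, sanitized filename.
    //    A .php (or .phtml, .phar) upload is rejected here with an error.
    require_once ABSPATH . 'wp-admin/includes/file.php';
    $result = wp_handle_upload(
        $_FILES['file'],
        array(
            'test_form' => false,
            'mimes'     => array(
                'jpg|jpeg' => 'image/jpeg',
                'png'      => 'image/png',
                'pdf'      => 'application/pdf',
            ),
        )
    );

    if ( isset( $result['error'] ) ) {
        wp_send_json_error( $result['error'], 400 );
    }
    wp_send_json_success( array( 'url' => $result['url'] ) );
}
```

When reviewing a plugin for this class of issue, the first thing to look for is every `move_uploaded_file()` and `wp_handle_upload()` call, then work backwards to the hook that reaches it: a `wp_ajax_nopriv_` registration, an `admin_post_nopriv_` registration, an `init` hook, or a standalone file that can be requested directly (such as the `/ajax/` script mentioned in the 22 Apr 2019 entry below) means the capability and nonce checks must be in the handler itself, because WordPress will not supply them.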

10 Jun 2019

Vulnerability Details: Arbitrary File Upload in Finale Lite -Sales Countdown Timer & Discount for WooCommerce

In the monitoring we do to keep track of vulnerabilities that hackers might be targeting, we recently saw probing for the plugin Finale Lite -Sales Countdown Timer & Discount for WooCommerce. That plugin was updated a couple of days after that occurred and one of the changelog entries is "Improved: Depreciated unused code was running, cleaned now." Looking at the changes made, we saw that code was removed that could potentially lead to an arbitrary file upload vulnerability, though at first glance it would seem that security checks might prevent hackers from accessing that. Upon closer inspection we found that it was exploitable and that it also impacted two other plugins by the developer, NextMove Lite – Thank You Page for WooCommerce and User Email Verification for WooCommerce.


[Read more]

23 Apr 2019

Our Proactive Monitoring Caught an Arbitrary File Upload Vulnerability in WooCommerce Checkout Manager

An arbitrary file upload vulnerability in the plugin WooCommerce Checkout Manager, caught by our proactive monitoring of changes made to plugins in the Plugin Directory to try to catch serious vulnerabilities, provides a good reminder that things are not always as they appear with plugins.

In the plugin's settings, by default it appears that you cannot upload files, as the setting for that is not checked: [Read more]

22 Apr 2019

Our Proactive Monitoring Caught an Arbitrary File Upload Vulnerability Returning to Zielke Specialized Catalog

On April 10 we detailed for our customers an arbitrary file upload vulnerability that had been in the plugin Zielke Specialized Catalog and some of the odd circumstances surrounding it. A week later a new version of the plugin was released that restores the vulnerability, which we noticed through our proactive monitoring of changes made to plugins in the Plugin Directory to try to catch serious vulnerabilities, and again it isn't clear exactly what was going on there.

In the most recent version of the plugin the file /ajax/ajax_backend_product_upload.php was changed to: [Read more]