5 Oct 2017

Vulnerability Details: Arbitrary File Upload Vulnerability in mb.miniAudioPlayer

From time to time a vulnerability is fixed in a plugin without the discoverer putting out a report on the vulnerability and we will put out a post detailing the vulnerability so that we can provide our customers with more complete information on the vulnerability.

Recently we had a request on this website for the following URL:

11 Aug 2017

Arbitrary File Viewing Vulnerability in WP Post Popup

We recently started proactively monitoring for evidence of some high risk vulnerabilities when changes are made to WordPress plugins, and if we had more customers we could expand the proactive monitoring to more types of vulnerabilities. For the first time we have found an arbitrary file viewing vulnerability through this, which is a type of vulnerability that is among the most likely to see exploit attempts. What is concerning about the vulnerability we found in the plugin WP Post Popup is how obvious the issue is and yet it had not been noticed.

In the file /public/includes/proxy.php the first code was:

14 Jun 2017

Vulnerability Details: File Manager Access Vulnerability in WP File Manager

From time to time a vulnerability is fixed in a plugin without the discoverer putting out a report on the vulnerability and we will put out a post detailing the vulnerability so that we can provide our customers with more complete information on the vulnerability.


27 Feb 2017

Vulnerability Details: Arbitrary File Viewing Vulnerability in WP Hide & Security Enhancer

From time to time vulnerabilities are fixed in a plugin without someone putting out a report on the vulnerability and we will put out a post detailing the vulnerability. While putting out the details of the vulnerability increases the chances of it being exploited, it also can help to identify vulnerabilities that haven’t been fully fixed (in some cases not fixed at all) and help to identify additional vulnerabilities in the plugin.


11 Oct 2016

Vulnerability Details: Arbitrary File Viewing Vulnerability in Simply Static

From time to time vulnerabilities are fixed in a plugin without someone putting out a report on the vulnerability and we will put out a post detailing the vulnerability. While putting out the details of the vulnerability increases the chances of it being exploited, it also can help to identify vulnerabilities that haven’t been fully fixed (in some cases not fixed at all) and help to identify additional vulnerabilities in the plugin.


22 Jun 2016

Old Vulnerability Report: Arbitrary File Viewing Vulnerability in Cherry Plugin

One of the things that we do to keep track of the plugin vulnerabilities out there is to monitor hacking attempts on our websites. That sometimes leads us to finding what looks to be exploitation of vulnerabilities that a hacker has just discovered. In other cases it shows really old vulnerabilities that hackers are still trying to exploit. We have recently had some attempts to exploit a couple of vulnerabilities in older versions of the plugin Cherry Plugin. One was an arbitrary file upload vulnerability mentioned here and the other was an arbitrary file viewing vulnerability that we couldn’t find any prior mention of.

In version 1.2.6 and below the file /admin/import-export/download-content.php will serve up the contents of any file requested. It looks like that functionality was intended to be only accessible by admins, but there were no restrictions in place to prevent anyone else from accessing it.