Login

Tag Archives: Asgaros Forum

3 Dec 2021

Not Really a WordPress Plugin Vulnerability, Week of December 3

In reviewing reports of vulnerabilities in WordPress plugins to provide our customers with the best data on vulnerabilities in plugins they use, we often find that there are reports for things that don’t appear to be vulnerabilities. For more problematic reports, we release posts detailing why the vulnerability reports are false, but there have been a lot of that we haven’t felt rose to that level. In particular, are items that are not outright false, just the issue is probably more accurately described as a bug. For those that don’t rise to the level of getting their own post, we now place them in a weekly post when we come across them.

Authenticated Stored XSS in Asgaros Forum

This week Wordfence claimed there had been an authenticated stored XSS vulnerability in Asgaros Forum and it was fixed. They described it this way: [Read more]

1 Sep 2017

What Happened With WordPress Plugin Vulnerabilities in August 2017

If you want the best information and therefore best protection against vulnerabilities in WordPress plugins we provide you that through our service.

Here is what we did to keep those are already using our service secure from WordPress plugin vulnerabilities during August (and what you have been missing out on if you haven’t signed up yet): [Read more]

16 Aug 2017

Settings Change Vulnerability in Asgaros Forum

One of the ways we make sure we have the best data on vulnerabilities in WordPress plugins is by monitoring the WordPress Support Forum for threads possibly related to those. Through that today we ran across a thread started earlier today that seemed to indicate malicious .php files were being uploaded through the Asgaros Forum plugin.

Looking over the plugin we found that the plugin’s settings would not normally allow that, but one of the posts in thread pointed to how it was occurring: [Read more]