17 Sep 2019

Our Proactive Monitoring Accidentally Found an Arbitrary File Viewing Vulnerability Being Introduced in to a WordPress Plugin with 10,000+ Installs

Recently an arbitrary file viewing vulnerability was found in a WordPress plugin with 100,000+ installs and shortly after that there look to have been widespread exploit attempts. While those using our service were warned the same day it was fixed, so they could take action before it was exploited, people relying on the Wordfence Security plugin or the related paid service Wordfence Premium got hacked. Today while working on our proactive monitoring of changes made to plugins in the Plugin Directory to try to catch serious vulnerabilities we accidentally ran across the same kind of vulnerability being introduced into the plugin Woocommerce Quick Buy, which has 10,000+ installs.

While trying to figure out how other code in the file /vendor/varunsridharan/vsp-framework/includes/class-ajax.php, which had been flagged by the automated portion of that proactive monitoring, would run, we looked to see if we could find how the function download_log() in that file would run. [Read more]

5 Sep 2019

Our Proactive Monitoring Caught an Arbitrary File Viewing Vulnerability in Groundhogg

One of the ways we help to improve the security of WordPress plugins, not just for the customers of our service, but for everyone using them, is our proactive monitoring of changes made to plugins in the Plugin Directory to try to catch serious vulnerabilities. Due to recent improvements to that we caught an arbitrary file viewing vulnerability, which is a type of vulnerability likely to be exploited, in the plugin Groundhogg.

The possibility of this vulnerability is also flagged by our Plugin Security Checker, so you can check plugins you use to see if they might have similar issues with that tool. That tool flags the possibility of other issues in this plugin as well. [Read more]

15 Apr 2019

Our Proactive Monitoring Caught an Authenticated Arbitrary File Viewing Vulnerability Being Introduced in to Apply Online

One of the ways we help to improve the security of WordPress plugins, not just for our customers, but for everyone using them, is the proactive monitoring of changes made to plugins in the Plugin Directory to try to catch serious vulnerabilities. Through that we caught an authenticated arbitrary file viewing vulnerability being introduced into the plugin Apply Online.

The possibility of this vulnerability is also flagged by our Plugin Security Checker, so you can check plugins you use to see if they might have similar issues with that tool. [Read more]

29 Mar 2019

Vulnerability Details: Authenticated Arbitrary File Viewing in Loco Translate

A recent report by Ali S. Ahmad (S4R1N) claimed that there is a local file inclusion (LFI) vulnerability in Loco Translate. The report is not of great quality, but in looking into this we found that there is an authenticated arbitrary file viewing vulnerability that is exploitable by users with the Translator role or “loco_admin” capability.


[Read more]

27 Mar 2019

Full Disclosure of Authenticated Arbitrary File Viewing Vulnerability in Child Themes Helper

In our previous post we detailed an authenticated arbitrary file upload vulnerability in the plugin Child Themes Helper that was caught by our proactive monitoring of changes made to plugins in the Plugin Directory to try to catch serious vulnerabilities. It looks like there is quite a bit of inadequately secured code in the plugin, but one other issue that stood out is an authenticated arbitrary file viewing vulnerability.

The plugin makes the function editFile() available to those logged in to WordPress: [Read more]

14 Jan 2019

Vulnerability Details: Authenticated Arbitrary File Viewing in Health Check & Troubleshooting

According to Matt Mullenweg one of the projects for WordPress in 2019 is “Merging the site health check plugin into Core, to assist with debugging and encouraging good software hygiene.” What seems like bad software hygiene would be to merge software which hasn’t had a basic security review into another piece of software used on millions of websites, which brings us to one of the changelog entries for the latest version of that plugin:


[Read more]

10 Sep 2018

Vulnerability Details: Authenticated Arbitrary File Viewing Vulnerability in Contact Form 7

From time to time a vulnerability is fixed in a plugin without the discoverer putting out a report on the vulnerability and we will put out a post detailing the vulnerability so that we can provide our customers with more complete information on the vulnerability.


[Read more]

23 Oct 2017

Authenticated Arbitrary File Viewing Vulnerability in Awesome Support

There is what seems like a nearly endless supply of advice on security for WordPress websites. A lot of it comes from people that shouldn’t be providing it (that includes much of what comes from security companies). We recently wrote a post about some bad security advice coming from the company behind the Awesome Support plugin on choosing plugins and we were curious to see how secure their plugin was. It took only seconds to find that the plugin was failing to do some security basics, which led to a couple of serious issues (we didn’t do anywhere near a full review, so there may be other issues).

This plugin introduces increased security risk to a WordPress installation because it allows anyone to create a WordPress account. What we and others have found is that many times plugins do not properly restrict functionality to only higher level users, so if untrusted individuals are able to create an account, it can give attackers the access needed to exploit vulnerabilities they otherwise couldn’t. The problem here is not allowing untrusted users to have accounts but the improperly secured plugins, though allowing that does increase security risk. The most common source of those vulnerabilities is functions that are accessible through WordPress’ AJAX functionality. [Read more]

10 Jul 2017

Vulnerability Details: Authenticated Arbitrary File Viewing Vulnerability in Shortcodes Ultimate

From time to time a vulnerability is fixed in a plugin without the discoverer putting out a report on the vulnerability and we will put out a post detailing the vulnerability so that we can provide our customers with more complete information on the vulnerability.


[Read more]