04 May

Authenticated Information Disclosure Vulnerability in Page and Post Clone

The log message for version 1.1 of the plugin Page and Post Clone was “cookie exploit resolution”.  In looking at the changes made in that version to see if that was a vulnerability that we should add to our data we found that what was being fixed there was a cross-site request forgery (CSRF) vulnerability. As […]

14 Feb

A Recently Closed Plugin Contains a Vulnerability That Allows Anyone Logged in to WordPress to View Directory Listings

Today we had somebody contact us asking if we had any insight in to why the plugin WordPress Backup to Dropbox was removed from the Plugin Directory (after seeing one of yesterday’s posts). Our guess on that would be that it has to do with the plugin no longer working, but while doing a quick […]

20 Oct

Authenticated Information Disclosure Vulnerability in Duplicate Page

We recently went to a take a look at the details of a reflected cross-site scripting (XSS) vulnerability that had been disclosed in the plugin Duplicate Page we noticed that it also had a cross-site request forgery (CSRF) vulnerability. After that we remember that a similar plugin Duplicate Post had previously had a vulnerability that allowed […]

19 Sep

Authenticated Information Disclosure Vulnerability in Share Drafts Publicly

The changelog entry for version 1.1.4 of Share Drafts Publicly is “Added security enhancements.”. In looking over that we found a change was made to fix a cross-site request forgery (CSRF) vulnerability that existed with AJAX functionality to share a draft of a post or page publicly. The exploitability of that is limited since an attacker that […]

24 Aug

Authenticated Information Disclosure Vulnerability in Advanced Contact form 7 DB

One of the strengths of WordPress is the multitude of plugins available, if you need some functionality you are likely to find a plugin that provides it. There are downsides as well. With over 51,000 plugins in the Plugin Directory it isn’t surprising to find new plugins that duplicate functionality already provided by another plugin. […]

09 Aug

Authenticated Information Disclosure Vulnerability in Cherry Team Members

The plugin Cherry Team Members had the same authenticated information disclosure that the Cherry Services List had. The vulnerability was caused by the fact that  contributor and author level users could duplicate posts that they would not have been able to edit. That could for example, have allowed them to gain access to the contents of password protected posts. The […]

09 Aug

Authenticated Information Disclosure Vulnerability in Cherry Services List

While looking into a possible expansion of what we check during our security review of WordPress plugins  chosen by our customers we found that the plugin Cherry Services List had an authenticated information disclosure vulnerability. That was caused by the fact that contributor and author level users could duplicate posts that they would not have been able […]

08 Jun

Authenticated Information Disclosure Vulnerability in Contact Form 7 Database

After noticing that another plugin that saves contact form submissions from the plugin Contact Form 7 made them publicly accessible we took a look other plugins that also save them to see if any of them had a similar issue. In doing that we found that the plugin Contact Form 7 Database made saved contact form submissions […]

10 Apr

Vulnerability Details: Authenticated Information Disclosure Vulnerability in Duplicate Post

From time to time vulnerabilities are fixed in plugin without someone putting out a report on the vulnerability and we will put out a post detailing the vulnerability. While putting out the details of the vulnerability increases the chances of it being exploited, it also can help to identify vulnerabilities that haven’t been fully fixed (in some cases […]

15 Dec

Authenticated Information Disclosure Vulnerability in Backup & Restore Dropbox

Last Friday we had a pair of requests on one of our websites for a file from the plugin Backup & Restore Dropbox, /wp-content/plugins/dropbox-backup/template/css/tool-bar.css. Seeing as we never have had that plugin installed, that request would be likely a hacker probing for usage of the plugin. We could not find any previously disclosed vulnerabilities, so […]