04 May

Vulnerability Details: Authenticated Persistent Cross-Site Scripting (XSS) in WordPress File Upload

From time to time a vulnerability in a plugin is disclosed without the discoverer putting out a complete report on it, and we will put out a post detailing the vulnerability so that we can provide our customers with more complete information. Recently we discussed a couple of false reports of …

07 Feb

Vulnerability Details: Privilege Escalation Vulnerability in Accelerated Mobile Pages

From time to time a vulnerability is fixed in a plugin without the discoverer putting out a report on it, and we will put out a post detailing the vulnerability so that we can provide our customers with more complete information. A little less than a month ago the plugin Accelerated Mobile …

16 Jan

Authenticated Persistent Cross-Site Scripting (XSS) Vulnerability in WP GitHub Tools

Recently we were contacted by one of the users of our service, J.D. Grimes, who had found some possible vulnerabilities that involved shortcodes and a lack of escaping when passing data to the function wp_localize_script(). He was too busy to go further with them at the time and was wondering if we could take it …

16 Jan

Making Sure That Valid Values Are Provided For Shortcode Attributes Can Prevent Security Issues As Well As Providing a Better Experience

One of the areas of WordPress plugins that has received additional attention when it comes to security recently has been shortcodes, as WordPress now allows anyone who is logged in to WordPress to access those. While that change has expanded the pool of people who might exploit an issue related to those, it was already …

16 Oct

Vulnerability Details: Authenticated Persistent Cross-Site Scripting (XSS) Vulnerability in Starbox

From time to time a vulnerability is fixed in a plugin without the discoverer putting out a report on it, and we will put out a post detailing the vulnerability so that we can provide our customers with more complete information. What seems like a good reason for the Plugin Directory …

24 Aug

Authenticated Persistent Cross-Site Scripting (XSS) Vulnerability in FG Joomla to WordPress

While looking into an unrelated issue with the plugin FG Joomla to WordPress, we found that it contained an authenticated cross-site scripting (XSS) vulnerability. The plugin has a number of actions that are run through the function ajax_importer(), which is accessed through WordPress’ AJAX functionality and is accessible to anyone logged in to WordPress (/includes/class-fg-joomla-to-wordpress.php): 184 …

09 Jun

Authenticated Persistent Cross-Site Scripting (XSS) in WP Posts Carousel

Recently we found that the plugin WP Posts Carousel has an authenticated persistent cross-site scripting (XSS) vulnerability due to a lack of sanitization or escaping when shortcode attributes are output in JavaScript code generated by the plugin. For example, the “dots_speed” attribute is added to the output with the following line in the file /carousel-generator.class.php: 456 dotsSpeed: …

10 Apr

Vulnerability Details: Authenticated Persistent Cross-Site Scripting (XSS) Vulnerability in YOP Poll

From time to time vulnerabilities are fixed in a plugin without someone putting out a report on the vulnerability, and we will put out a post detailing it. While putting out the details of the vulnerability increases the chances of it being exploited, it also can help to identify vulnerabilities that haven’t been fully fixed (in some cases …

13 Feb

Vulnerability Details: Authenticated Persistent Cross-Site Scripting (XSS) Vulnerability in BP Better Messages

From time to time vulnerabilities are fixed in a plugin without someone putting out a report on the vulnerability, and we will put out a post detailing it. While putting out the details of the vulnerability increases the chances of it being exploited, it also can help to identify vulnerabilities that haven’t been fully fixed (in some cases …

03 Feb

Vulnerability Details: Authenticated Persistent Cross-Site Scripting (XSS) in Watu

From time to time vulnerabilities are fixed in a plugin without someone putting out a report on the vulnerability, and we will put out a post detailing it. While putting out the details of the vulnerability increases the chances of it being exploited, it also can help to identify vulnerabilities that haven’t been fully fixed (in some cases …