10 Aug

Our Proactive Monitoring Caught an Authenticated PHP Object Injection Vulnerability in a Brand New Plugin

One of the ways we help to improve the security of WordPress plugins, not just for our customers, but for everyone using them, is the proactive monitoring of changes made to plugins in the Plugin Directory to try to catch serious vulnerabilities before they are exploited. That sometimes leads to us catching a vulnerability of a [Read more]

12 Mar

Our Proactive Monitoring Caught a Authenticated PHP Object Injection Vulnerability in bbPress Move Topics

One of the ways we help to improve the security of WordPress plugins, not just for our customers, but for everyone using them, is the proactive monitoring of changes made to plugins in the Plugin Directory to try to catch serious vulnerabilities. That sometimes leads to us catching a vulnerability of a more limited variant of [Read more]

22 Feb

Is This Authenticated PHP Object Injection Vulnerability Why a Hacker Would Be Interested in the Category Order and Taxonomy Terms Order Plugin?

Several days ago we had a request on this website from the IP address 66.148.121.112 (which has a history reported abuse) for a file that would be located at /wp-content/plugins/taxonomy-terms-order/css/to.css. That is file from the plugin Category Order and Taxonomy Terms Order and our guess would be that the request was from a hacker probing for [Read more]

15 Feb

Our Proactive Monitoring Caught an Authenticated PHP Object Injection Vulnerability in Autoship Cloud

One of the ways we help to improve the security of WordPress plugins, not just for our customers, but for everyone using them, is the proactive monitoring of changes made to plugins in the Plugin Directory to try to catch serious vulnerabilities. That sometimes leads to us catching a vulnerability of a more limited version of [Read more]

06 Oct

Authenticated PHP Object Injection Vulnerability in Event List

Since June we have been doing proactive monitoring of changes made to plugins to try to catch serious vulnerabilities. So far that has lead to identifying existing vulnerabilities, newly introduced vulnerabilities, newly introduced vulnerabilities in brand new plugins, and vulnerabilities being fixed. For the first time it has lead to us identifying a vulnerability in a plugin [Read more]

13 Sep

Authenticated PHP Object Injection Vulnerability in Media from FTP

We recently started proactively monitoring for evidence of some high risk vulnerabilities when changes are made to WordPress plugins and if we had more customers we could expand the proactive monitoring to more types of vulnerabilities. One of the types of vulnerabilities we are looking for are PHP object injection vulnerabilities since those are likely to be [Read more]

05 Sep

Authenticated PHP Object Injection Vulnerability in Media Library Assistant

We recently started proactively monitoring for evidence of some high risk vulnerabilities when changes are made to WordPress plugins and if we had more customers we could expand the proactive monitoring to more types of vulnerabilities. One of the types of vulnerabilities we are looking for are PHP object injection vulnerabilities since those are likely to be [Read more]