23 Jul

Our Proactive Monitoring Caught an Authenticated Persistent Cross-Site Scripting (XSS) Vulnerability in Yes-co ORES

One of the ways we help to improve the security of WordPress plugins, not just for our customers of our service, but for everyone using them, is our proactive monitoring of changes made to plugins in the Plugin Directory to try to catch serious vulnerabilities. Through that we caught an authenticated settings change vulnerability that leads to an authenticated persistent cross-site scripting (XSS) vulnerability in the plugin Yes-co ORES.

[Read more]

15 Jul

Authenticated Persistent Cross-Site Scripting (XSS) Vulnerability in Project Supremacy Lite (Project Supremacy V3 Lite)

As part of making sure we are providing the users of our service with the best information on vulnerabilities in WordPress plugins they may be using we monitor for indications that security vulnerabilities have been fixed in new versions of the plugins. Today that led to us looking at Project Supremacy Lite (Project Supremacy V3 Lite) where the changelog for the latest version is “Added some security fixes.” The changes made in that version look to be escaping the output of the plugin’s settings. Normally the lack of that wouldn’t be a vulnerability because only Administrators are allowed to change the settings and they can do anything they want with WordPress already. When we went to check to see if that was the case with this plugin we found that anyone logged in to WordPress can change the plugin’s settings and one of those settings is intended to be used to place JavaScript code on all of the frontened pages of the website, which would lead to an authenticated persistent cross-site scripting (XSS) vulnerability.

[Read more]

17 Jun

Vulnerability Details: Authenticated Settings Change in WebP Express

This post provides the details of a vulnerability in the WordPress plugin WebP Express not discovered by us, where the discoverer hadn’t provided the details needed for us to confirm the vulnerability while we were adding it to the data set for our service, so its contents are limited to subscribers of our service. If you are not currently a subscriber, you can try out the service to help protect your website for free and then you can view the contents of the post. There are a lot of other reason that you will want to sign up beyond access to posts like this one, including that you would have already been warned about this vulnerability if your website is vulnerable due to it.

[Read more]

17 Jun

Facebook’s WordPress Plugin Messenger Customer Chat Contains an Authenticated Settings Change Vulnerability

In our previous post we detailed our running across a vulnerable WordPress plugin made by Facebook with 200,000+ installs, after noticing that we did a quick check to see if any other there other plugins had similar issues. We found that their plugin Messenger Customer Chat, which has 20,000+ installs, contains a similar vulnerability, though in this case the code is even less secure.

[Read more]

13 Jun

Simply Closing a WordPress Plugin With a Vulnerability Likely to Be Exploited Just Leaves Websites Open to Being Hacked

As part of making sure the customers of our service are getting the best information on vulnerabilities in WordPress plugins they may be using we monitor for hackers probing for usage of plugins on our website and then try to figure out what the hackers might be looking to exploit. A week ago that led to us running across two plugins with unfixed vulnerabilities. One of those plugins was closed on the WordPress Plugin Directory on May 9. In the past day we had saw a hacker probing for another plugin that was closed on the same day, Real Estate Manager – Property Listing and Agent Management.

[Read more]

07 Jun

Vulnerability Details: Authenticated Settings Change and Persistent XSS in WordPress to Sugar / SuiteCRM Lead

This post provides the details of a vulnerability in the WordPress plugin WordPress to Sugar / SuiteCRM Lead not discovered by us, where the discoverer hadn’t provided the details needed for us to confirm the vulnerability while we were adding it to the data set for our service, so its contents are limited to subscribers of our service. If you are not currently a subscriber, you can try out the service to help protect your website for free and then you can view the contents of the post. There are a lot of other reason that you will want to sign up beyond access to posts like this one, including that you would have already been warned about this vulnerability if your website is vulnerable due to it.

[Read more]

04 Jun

Vulnerability Details: Authenticated Persistent XSS in Personalized WooCommerce Store (Personalized WooCommerce Cart Page)

This post provides the details of a vulnerability in the WordPress plugin Personalized WooCommerce Cart Page not discovered by us, where the discoverer hadn’t provided the details needed for us to confirm the vulnerability while we were adding it to the data set for our service, so its contents are limited to subscribers of our service. If you are not currently a subscriber, you can try out the service to help protect your website for free and then you can view the contents of the post. There are a lot of other reason that you will want to sign up beyond access to posts like this one, including that you would have already been warned about this vulnerability if your website is vulnerable due to it.

[Read more]

01 Apr

Authenticated Settings Change Vulnerability That Leads to Persistent XSS in WP Google Maps

One of the things we do to keep track of vulnerabilities in WordPress plugins to provide our customers with the best data on vulnerabilities in the plugins they use is to monitor the WordPress Support Forum for topics that might relate to those. Through that we came across an authenticated settings change vulnerability that can permit persistent cross-site scripting (XSS) in the plugin WP Google Maps, which considering the plugin has 400,000+ install, is something that would be of interest to hackers.

[Read more]

08 Feb

Vulnerability Details: Authenticated Settings Change in Launcher

This post provides the details of a vulnerability in the WordPress plugin Launcher not discovered by us, where the discoverer hadn’t provided the details needed for us to confirm the vulnerability while we were adding it to the data set for our service, so its contents are limited to subscribers of our service. If you are not currently a subscriber, you can try out the service to help protect your website for free and then you can view the contents of the post. There are a lot of other reason that you will want to sign up beyond access to posts like this one, including that you would have already been warned about this vulnerability if your website is vulnerable due to it.

[Read more]

25 May

Protecting You Against Wordfence’s Bad Practices: Unauthorized Options Update Vulnerability in WP Fastest Cache

Wordfence is putting WordPress website at risk by disclosing vulnerabilities in plugins with critical details needed to double check their work missing, in what appears to be an attempt to profit off of these vulnerabilities. We are releasing those details so that others can review the vulnerabilities to try to limit the damage Wordfence’s practice could cause.

[Read more]