There is what seems like a nearly endless supply of advice on security for WordPress websites. A lot of it comes from people who shouldn’t be providing it (that includes much of what comes from security companies). We recently wrote a post about some bad security advice on choosing plugins coming from the company behind the Awesome Support plugin, and we were curious to see how secure their own plugin was. It took only seconds to find that the plugin was failing to do some security basics, which led to a couple of serious issues (we didn’t do anywhere near a full review, so there may be other issues).
This plugin increases the security risk of a WordPress installation because it allows anyone to create a WordPress account. What we and others have repeatedly found is that plugins often fail to restrict functionality to higher-level users, so if untrusted individuals can create an account, attackers gain the access needed to exploit vulnerabilities they otherwise couldn’t reach. The root problem is the improperly secured plugins rather than allowing untrusted users to have accounts, but allowing that does increase the risk. The most common source of those vulnerabilities is functions exposed through WordPress’ AJAX functionality (admin-ajax.php): a handler registered on the wp_ajax_ action hook runs for any logged-in user, regardless of role, unless the handler checks the user’s capabilities itself.
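As an added illustration (not code from the Awesome Support plugin or from the original post), here is the pattern described above: an AJAX handler that any logged-in user can call, beside the same handler with the nonce and capability checks WordPress provides. The action name demo_save_setting, the option name demo_setting and the nonce action demo_save_setting_nonce are made-up names.

```php
<?php
/*
 * Added illustration, not code from the Awesome Support plugin or from the
 * original post. The action name "demo_save_setting", the option
 * "demo_setting" and the nonce action "demo_save_setting_nonce" are made up.
 */

// VULNERABLE: wp_ajax_{action} fires for every logged-in user, so a
// subscriber account created through an open registration form can call
// this handler and overwrite an option that only administrators should
// control. There is no nonce check either, so it is also CSRF-able.
function demo_save_setting_vulnerable() {
    $value = isset( $_POST['value'] ) ? $_POST['value'] : '';
    update_option( 'demo_setting', $value );
    wp_send_json_success( array( 'saved' => $value ) );
}
add_action( 'wp_ajax_demo_save_setting', 'demo_save_setting_vulnerable' );

// HARDENED: verify the nonce (the request was intentional), then check a
// capability (the user is allowed to do this), then sanitize the input.
// A nonce check alone is NOT authorization: a subscriber can obtain a valid
// nonce from any page that prints one for them.
function demo_save_setting_hardened() {
    // With the default third argument, check_ajax_referer() calls wp_die()
    // with a -1 response when the nonce is missing or invalid.
    check_ajax_referer( 'demo_save_setting_nonce', 'nonce' );

    if ( ! current_user_can( 'manage_options' ) ) {
        // wp_send_json_error() exits, so nothing below runs for low-level users.
        wp_send_json_error( array( 'message' => 'Insufficient privileges.' ), 403 );
    }

    $value = isset( $_POST['value'] )
        ? sanitize_text_field( wp_unslash( $_POST['value'] ) )
        : '';
    update_option( 'demo_setting', $value );
    wp_send_json_success( array( 'saved' => $value ) );
}

// Swap the insecure registration for the hardened one.
remove_action( 'wp_ajax_demo_save_setting', 'demo_save_setting_vulnerable' );
add_action( 'wp_ajax_demo_save_setting', 'demo_save_setting_hardened' );

// The client obtains the nonce with wp_create_nonce( 'demo_save_setting_nonce' )
// (usually handed to JavaScript via wp_localize_script()) and posts it as the
// "nonce" field alongside "action=demo_save_setting" to /wp-admin/admin-ajax.php.
```

A quick check when reviewing a plugin: log in as a Subscriber, find the wp_ajax_ handlers it registers, and call them directly against admin-ajax.php. Any handler that does something privileged without failing on a missing capability check is exactly the kind of function that open registration turns into an exploitable weakness.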