23 Oct

Authenticated Arbitrary File Deletion Vulnerability in Awesome Support

As we mentioned in more detail the previous post discussing the other vulnerability we found in the plugin Awesome Support, after seeing them make some bad advice on making decisions on what plugin to use from a security perspective, we took at look at their plugin and in seconds found that it wasn’t secure.

[Read more]

23 Oct

Authenticated Arbitrary File Viewing Vulnerability in Awesome Support

There is what seems like a nearly endless supply of advice on security for WordPress websites. A lot of it comes from people that shouldn’t be providing it (that includes much of what comes from security companies). We recently wrote a post about some bad security advice coming from the company behind theĀ Awesome Support plugin on choosing plugins and we were curious to see how secure their plugin was. It took only seconds to find that plugin was failing to do some security basics, which lead to a couple of serious issues (we didn’t do anywhere near a full review, so there may be other issues).

[Read more]