See issues causing the plugin to get less than A+ grade
We recently saw a hacker probing for usage of the WordPress plugin Booking Calendar on our website and third-party websites with the following request:
/wp-content/plugins/booking/readme.txt [Read more]
On one of our websites and in third-party data we monitor, we saw what appeared to be a hacker probing for usage the WordPress plugin Booking Calendar today. In the past year, there was a serious vulnerability fixed in the plugin and lesser security issues fixed in the plugin. Those could possibly explain a hacker’s interest in the plugin, especially the serious vulnerability fixed. To make sure there wasn’t something still in the plugin that might be targeted, we did a quick check of the plugin for security issues that are commonly targeted by hackers. What we found was that the plugin still lacks basic security and that at least allows a hacker to easily gain access to all the customer data submitted through the plugin.
We would recommend avoiding the plugin unless a thorough security review, like the ones we do, is done and all the issues found are addressed. [Read more]
One of the changelog entries for the latest version of the WordPress plugin Booking Calendar:
…
If you want the best information and therefore best protection against vulnerabilities in WordPress plugins we provide you that through our service.
Here is what we did to keep those are already using our service secure from WordPress plugin vulnerabilities during January (and what you have been missing out on if you haven’t signed up yet): [Read more]
If you want the best information and therefore best protection against vulnerabilities in WordPress plugins we provide you that through our service.
Here is what we did to keep those are already using our service secure from WordPress plugin vulnerabilities during December (and what you have been missing out on if you haven’t signed up yet): [Read more]
If you want the best information and therefore best protection against vulnerabilities in WordPress plugins we provide you that through our service.
Here is what we did to keep those are already using our service secure from WordPress plugin vulnerabilities during October (and what you have been missing out on if you haven’t signed up yet, which you can currently do for half off): [Read more]
From time to time a vulnerability is fixed in a plugin without the discoverer putting out a report on the vulnerability and we will put out a post detailing the vulnerability so that we can provide our customers with more complete information on the vulnerability.
…
From time to time vulnerabilities are fixed in plugin without someone putting out a report on the vulnerability and we will put out a post detailing the vulnerability. While putting out the details of the vulnerability increases the chances of it being exploited, it also can help to identify vulnerabilities that haven’t been fully fixed (in some cases not fixed at all) and help to identify additional vulnerabilities in the plugin.
…