23 Feb 2024

How Our Customers Helped Make WordPress Plugins More Secure, Week of February 23

Our customers give us the ability to help make WordPress plugins more secure, mostly the plugins they use but, to a lesser extent, other plugins as well. That work often goes unmentioned, so we are highlighting it to help others better understand what is going on and how signing up for our service can help expand that work.

This week, we again found that vulnerability fixes in popular plugins were incomplete or hadn’t been applied to all the plugins they needed to be. Some of those have now been addressed, some haven’t. You can sign up for a free trial of our service to see if you are using plugins that are known to be vulnerable. We currently have data on plugins with at least 8.2 million installs that are known to be vulnerable and still in the WordPress Plugin Directory.

21 Feb 2024

Privilege Escalation Vulnerability in Brave Conversion Engine

One of the changelog entries for the latest version of the Brave Conversion Engine is “Fixed: SSFR vulnerability.” That would presumably be a reference to a server-side request forgery (SSRF) vulnerability. Looking into that, it seems the SSRF element of that is limited, but there is still a vulnerability that hasn’t been resolved here. We have reached out to the developer about that and offered to help them address it.

