Plugin Vulnerabilities

A service to protect your site against vulnerabilities in WordPress plugins.

Tag Archives: Brute Force Login Protection

30 Jun 2017

What Happened With WordPress Plugin Vulnerabilities in June 2017

If you want the best information and therefore best protection against vulnerabilities in WordPress plugins we provide you that through our service.

Here is what we did to keep those who are already using our service secure from WordPress plugin vulnerabilities during June (and what you have been missing out on if you haven’t signed up yet): [Read more]

Plugin Vulnerabilities Posted in What's New With Plugin Vulnerabilities All-in-One WP Migration, Analytics Tracker, BackUpWordPress, Brute Force Login Protection, Companion Auto Update, Contact Form 7 – PayPal Add-on, Contact Form 7 Database, Count per Day, Custom Sidebars, Easy PayPal Gift Certificate, Event Calendar WD, Event List, File Manager, Memphis Documents Library, Multi Feed Reader, Newsletters, PayPal Buy Now Button, PayPal Digital Downloads, PayPal Shopping Cart, Postman SMTP, Product Catalog, Responsive Menu, RSVP, Salon booking system, Save Contact Form 7, Skype Legacy Buttons, Spiffy Calendar, uCare, UpiCRM, WC Duplicate Order, What's New With Plugin Vulnerabilities, WordPress Download Manager, WP Custom Admin Login Page Logo, WP Custom Fields Search, WP File Manager, WP Posts Carousel, WP-Members

29 Jun 2017

Reflected Cross-Site Scripting (XSS) Vulnerability in Brute Force Login Protection

Far too often we have found that security companies are spreading false information related to the security of WordPress. One of the most popular falsehoods they spread is that there are a lot of brute force attacks against WordPress admin users, despite their own evidence showing that those attacks are not happening. The cause of those false claims seems to be some mix of a lack of security knowledge and using the claims to promote their products (it’s much easier for them to protect against something that isn’t happening than to protect against real threats). There are a number of consequences of doing that, from people believing that WordPress is insecure in a way it isn’t, to people not focusing on real problems, to people introducing additional vulnerabilities onto their websites.

That last issue can be seen in the vulnerability we recently found in the plugin Brute Force Login Protection, which, as you can guess from the name, is intended to protect against brute force attacks. The plugin didn’t properly handle user input, leading to a reflected cross-site scripting (XSS) vulnerability. That isn’t a major issue, as all of the major web browsers other than Firefox have XSS filtering that would prevent many attempts to exploit this and we don’t see hackers trying to target this on a wide scale, but it is a threat that wouldn’t have existed on the websites using the plugin if there wasn’t the false claim that brute force attacks were happening. [Read more]

Plugin Vulnerabilities Posted in Vulnerability Report Brute Force Login Protection, Reflected Cross-Site Scripting (XSS), Security Vulnerability in Security Plugin, Vulnerability Report
