03 Jan

Our Plugin Security Checker Can Now Spot More Possible Issues Leading to Arbitrary File Upload Vulnerabilities

As we have mentioned before, we recently improved our proactive monitoring of changes being made to WordPress plugins to try to catch serious vulnerabilities when they are introduced in to plugins, to build on code we had developed for our Plugin Security Checker, an automated tool you can use to check if plugins you use contain possible security issues. That in turn has allowed us to easily test out new checks for our Plugin Security Checker across a lot of code before introducing it to the public, which makes it easier to improve that tool while not causing unnecessary issues for people using the Plugin Security Checker. One of the checks we have been testing out has now spotted one of the most likely to be exploited types of vulnerabilities, an arbitrary file upload vulnerability, in the plugin Buddy Share It Allusers FB YR, which would allow a hacker to take control of website by adding a file with malicious code to it.

[Read more]