02 Mar

What Happened With WordPress Plugin Vulnerabilities in February 2018

If you want the best information and therefore best protection against vulnerabilities in WordPress plugins we provide you that through our service.

[Read more]

22 Feb

Is This Authenticated PHP Object Injection Vulnerability Why a Hacker Would Be Interested in the Category Order and Taxonomy Terms Order Plugin?

Several days ago we had a request on this website from the IP address 66.148.121.112 (which has a history reported abuse) for a file that would be located at /wp-content/plugins/taxonomy-terms-order/css/to.css. That is file from the plugin Category Order and Taxonomy Terms Order and our guess would be that the request was from a hacker probing for usage of the plugin in preparation to try to exploit a vulnerability in it. In looking over the plugin we found an authenticated PHP object injection vulnerability that might be what be what a hacker would be interested in exploiting.

[Read more]