02 Mar

What Happened With WordPress Plugin Vulnerabilities in February 2018

If you want the best information, and therefore the best protection, against vulnerabilities in WordPress plugins, we provide that through our service.

Here is what we did to keep those already using our service secure from WordPress plugin vulnerabilities during February (and what you have been missing out on if you haven’t signed up yet): [Read more]

22 Feb

Is This Authenticated PHP Object Injection Vulnerability Why a Hacker Would Be Interested in the Category Order and Taxonomy Terms Order Plugin?

Several days ago we had a request on this website from the IP address (which has a history of reported abuse) for a file that would be located at /wp-content/plugins/taxonomy-terms-order/css/to.css. That is a file from the plugin Category Order and Taxonomy Terms Order, and our guess would be that the request was from a hacker probing for usage of the plugin in preparation to try to exploit a vulnerability in it. In looking over the plugin we found an authenticated PHP object injection vulnerability that might be what a hacker would be interested in exploiting.

The plugin makes the function TOsaveAjaxOrder() available through WordPress’ AJAX functionality to anyone logged in: [Read more]