Login

Tag Archives: Contact Form 7 Captcha

15 Jul 2022

Not Really a WordPress Plugin Vulnerability, Week of July 15

In reviewing reports of vulnerabilities in WordPress plugins to provide our customers with the best data on vulnerabilities in plugins they use, we often find that there are reports for things that don’t appear to be vulnerabilities. For more problematic reports, we release posts detailing why the vulnerability reports are false, but there have been a lot of that we haven’t felt rose to that level. In particular, are items that are not outright false, just the issue is probably more accurately described as a bug. For those that don’t rise to the level of getting their own post, we now place them in a weekly post when we come across them.

Reflected Cross-Site Scripting in Contact Form 7 Captcha

Automattic’s WPScan made this claim about a supposed reflected cross-site scripting vulnerability in the plugin Contact Form 7 Captcha: [Read more]

27 Aug 2021

Closures of Very Popular WordPress Plugins, Week of August 27

While we already are far ahead of other companies in keeping up with vulnerabilities in WordPress plugins (amazingly that isn’t an exaggeration), in looking in to how we could get even better we noticed that in an instances where a vulnerability was exploited in a plugin, we probably could have warned our customers about the vulnerability even sooner if we had looked at the plugin when it was first closed on the Plugin Directory instead of when the vulnerability was fixed (though as far as we are aware the exploitation started after we had warned our customers of the fix). So we are now monitoring to see if any of the 1,000 most popular plugins are closed on the Plugin Directory and then seeing if it looks like that was because of a vulnerability.

During the week, one of those plugins was closed. [Read more]