11 Nov 2022

Cross-Site Request Forgery (CSRF)/Plugin Deactivation Vulnerability in 10Web Booster

One way we help to improve the security of WordPress plugins, not just for customers of our service, but for everyone using them, is our proactive monitoring of changes made to plugins in the Plugin Directory to try to catch serious vulnerabilities. Through that, we caught a less serious variant of one of those vulnerabilities, a cross-site request forgery (CSRF)/plugin deactivation vulnerability in 10Web Booster.

We now are also running all the plugins used by our customers through that on a weekly basis to provide additional protection for them. [Read more]

6 May 2022

WordPress Plugin Page Builder Addons for WPBakery Contains Authenticated Arbitrary File Upload Vulnerability

At the end of March we noticed what looked to be a hacker probing for usage of the plugin Pie Register and found that it contained a vulnerability that hackers would be interested in exploiting, an authenticated arbitrary file upload vulnerability because of insecure code for allowing the installation of WordPress plugins. It also contained several other vulnerabilities.

While working on improvements to our detection system and our firewall plugin related to that type of vulnerability, we found that over a month after that, the developer still hasn’t even attempted to address the vulnerabilities in another of their plugins, Page Builder Addons for WPBakery. [Read more]

28 Mar 2022

WordPress Plugin Targeted by Hacker Contains Authenticated Arbitrary File Upload Vulnerability

The WordPress plugin Pie Register has had many vulnerabilities discovered in it over the years, including multiple serious vulnerabilities that you would expect hackers to try to exploit. Despite that, WordPress states it has 5,000 active installs, so continued insecurity doesn’t appear to discourage people from using a plugin (though thankfully, none of the customers of our main service are currently using the plugin).

Over the weekend, we had what looked to be a hacker probing for usage of the plugin on this website with a request for the following file: [Read more]

15 Feb 2022

Our Proactive Monitoring Caught a CSRF/Plugin Deactivation Vulnerability in Language Switcher

One way we help to improve the security of WordPress plugins, not just for customers of our service, but for everyone using them, is our proactive monitoring of changes made to plugins in the Plugin Directory to try to catch serious vulnerabilities. Through that, we caught a variant of those vulnerabilities, a cross-site request forgery (CSRF)/plugin deactivation vulnerability in the plugin Language Switcher.

We now are also running all the plugins used by customers through that on a weekly basis to provide additional protection for our customers. [Read more]

29 Nov 2021

Our Proactive Monitoring Caught an Authenticated Plugin Deactivation Vulnerability in Userplace

Recently we ran across a vulnerability that had just been fixed in a plugin that allowed deactivating arbitrary WordPress plugins. That is a big concern for firewall plugins, like the one we recently released, as an attacker could disable the plugin and then take actions they would otherwise be unable to take because of the firewall. Making it more of a concern, testing we did after finding that showed that most security plugins didn’t protect against that. We have put in place protection for that in our firewall plugin, which will be released with the next version of our plugin, but based on past experience, other security plugins likely won’t address that.

After seeing that vulnerability, we updated our automated tools, including our proactive monitoring of changes made to plugins in the Plugin Directory to try to catch serious vulnerabilities, to detect some instances of that. Because of that update to our proactive monitoring, we were alerted to an authenticated instance of that in the plugin Userplace. [Read more]