12 Jun 2023

Hackers Likely Trying to Exploit This Partially Fixed Vulnerability in the WordPress Plugin Download Monitor

In the past few days we have seen what appear to be at least two hackers probing for usage of the WordPress plugin Download Monitor, which has 100,000+ installs. In looking into what might explain that, we found a vulnerability that hackers would try to exploit, and it was only partially fixed shortly before the probing started. Thankfully, there are some important limitations on its exploitability.

The changelog for a recent version of the plugin had a concerning entry: [Read more]

28 Feb 2022

Recently Closed WordPress Plugin with 50,000+ Installs Contains CSRF/Restricted File Upload Vulnerability

A week ago, the WordPress plugin Nimble Page Builder was closed on the WordPress Plugin Directory. Because it is one of the 1,000 most popular plugins in that directory (it has 50,000+ installs), our systems warned us about the closure, and we started checking over the plugin for any vulnerability that customers of our service using it should be warned about. What we found is that it contains a cross-site request forgery (CSRF) vulnerability that can be used to upload some types of files.

In the file /inc/sektions/ccat-czr-sektions.php, the plugin makes the function sek_ajax_import_attachment() accessible to those logged in to WordPress: [Read more]

1 Jul 2019

Vulnerability Details: Arbitrary File Upload in Insert or Embed Articulate Content into WordPress

One area where WordPress plugins need to be very careful when it comes to security is the handling of file uploads. The plugin Insert or Embed Articulate Content into WordPress hasn't been careful with that, and it seems the developer doesn't have the capability to handle it.

[Read more]
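The two upload issues above (the CSRF-reachable AJAX upload in Nimble Page Builder and the unsafe upload handling in Insert or Embed Articulate Content into WordPress) come from the same missing checks in a WordPress AJAX handler. The following is an added illustration, not code from either plugin; the action name example_import_attachment and the function names are hypothetical. It shows the vulnerable shape of such a handler next to a hardened one that uses WordPress's own nonce, capability and upload APIs.

```php
<?php
/*
 * Added illustration only: not code from Nimble Page Builder or from
 * Insert or Embed Articulate Content into WordPress. All action and
 * function names here are hypothetical.
 */

require_once ABSPATH . 'wp-admin/includes/file.php';

// --- Vulnerable pattern.
// A wp_ajax_ hook makes the action reachable by any logged-in user via
// /wp-admin/admin-ajax.php?action=example_import_attachment. With no nonce
// check, a form on an attacker's site can submit to that URL while the victim
// is logged in; the browser attaches the victim's cookies (CSRF). With no
// capability or file-type check, whatever was posted is written to disk.
add_action( 'wp_ajax_example_import_attachment', 'example_import_attachment_vulnerable' );

function example_import_attachment_vulnerable() {
    $upload_dir = wp_upload_dir();
    $target     = trailingslashit( $upload_dir['path'] ) . basename( $_FILES['file']['name'] );
    // No check_ajax_referer(), no current_user_can(), no type validation.
    move_uploaded_file( $_FILES['file']['tmp_name'], $target );
    wp_send_json_success( array( 'file' => $target ) );
}

// --- Hardened pattern.
add_action( 'wp_ajax_example_import_attachment_safe', 'example_import_attachment_safe' );

function example_import_attachment_safe() {
    // 1. CSRF: require a nonce that only a page this site rendered for this
    //    user could contain. check_ajax_referer() terminates the request with
    //    a 403 when the nonce is missing or invalid.
    check_ajax_referer( 'example_import_attachment', 'nonce' );

    // 2. Authorization: being logged in is not enough; require the capability
    //    WordPress itself uses for media uploads (Author role and above by default).
    if ( ! current_user_can( 'upload_files' ) ) {
        wp_send_json_error( 'insufficient permissions', 403 );
    }

    if ( empty( $_FILES['file'] ) || ! is_uploaded_file( $_FILES['file']['tmp_name'] ) ) {
        wp_send_json_error( 'no file', 400 );
    }

    // 3. File type: wp_handle_upload() validates the extension and sniffed
    //    content against the allowed MIME list (the upload_mimes filter) and
    //    produces a sanitized, unique filename, so a .php upload or a file
    //    whose contents do not match its extension is rejected, not written.
    $result = wp_handle_upload( $_FILES['file'], array( 'test_form' => false ) );
    if ( isset( $result['error'] ) ) {
        wp_send_json_error( $result['error'], 400 );
    }

    // Register the file as an attachment so it is visible and manageable in
    // the media library rather than an orphan file in the uploads directory.
    $attachment_id = wp_insert_attachment(
        array(
            'post_mime_type' => $result['type'],
            'post_title'     => sanitize_file_name( basename( $result['file'] ) ),
            'post_status'    => 'inherit',
        ),
        $result['file']
    );

    wp_send_json_success( array( 'id' => $attachment_id, 'url' => $result['url'] ) );
}

// The nonce the hardened handler expects has to reach the page that issues the
// request; the usual way is to hand it to the plugin's script when enqueueing it.
add_action( 'admin_enqueue_scripts', 'example_enqueue_import_script' );

function example_enqueue_import_script() {
    wp_enqueue_script( 'example-import', plugins_url( 'import.js', __FILE__ ), array( 'jquery' ), '1.0', true );
    wp_localize_script( 'example-import', 'exampleImport', array(
        'ajaxUrl' => admin_url( 'admin-ajax.php' ),
        'nonce'   => wp_create_nonce( 'example_import_attachment' ),
    ) );
}
```

Two points worth keeping separate when reviewing such a handler: the nonce stops a third-party site from making the request on the user's behalf, but it does nothing about what a user who is allowed to reach the action can upload, which is why the capability check and the file-type validation in wp_handle_upload() are needed as well. Note also that a wp_ajax_nopriv_ hook would expose the action to unauthenticated visitors, so check which of the two hooks a plugin uses before judging who can reach the code.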