04 Oct

Vulnerability Details: Cross-Site Request Forgery (CSRF) Vulnerability in Pym.js Embeds

From time to time a vulnerability is fixed in a plugin without the discoverer putting out a report on the vulnerability and we will put out a post detailing the vulnerability so that we can provide our customers with more complete information on the vulnerability. We recently made a big improvement to our ability to [Read more]

06 Sep

Vulnerability Details: Cross-Site Request Forgery (CSRF) Vulnerability in Slider Hero

One of WordPress’ strengths is the number of plugins that are available, but that also leads to additional security issues since you have a lot of reinventing the wheel, where a new plugin is created that does something already done with existing plugins. What we have found is that this can lead to security issues that [Read more]

30 Apr

Vulnerability Details: Cross-Site Request Forgery (CSRF) Vulnerability in Page and Post Clone

From time to time a vulnerability is fixed in a plugin without the discoverer putting out a report on the vulnerability and we will put out a post detailing the vulnerability so that we can provide our customers with more complete information on the vulnerability. The log message for version 1.1 of the plugin Page and [Read more]

05 Apr

Real World Result of RIPS Code Analysis Service Doesn’t Match Hyperbolic Marketing of It

Recently there was a claim made that an authenticated SQL injection vulnerability had been fixed in the plugin Custom Permalinks. In looking into that though we found that it was only accessible to Administrators, who would already normally have the capability to do the equivalent of SQL injection, so that wouldn’t really be a vulnerability. What seems [Read more]

02 Nov

Vulnerability Details: Cross-Site Request Forgery (CSRF) Vulnerability in WP Fastest Cache

One of the strangest experiences we have had with trying to get a vulnerability fixed involved the plugin WP Fastest Cache. After we had dug into the details that Wordfence failed to include when they disclosed a couple of vulnerabilities in that plugin, we noticed they had missed part of the vulnerabilities (which would be a [Read more]

20 Oct

Cross-Site Request Forgery (CSRF) Vulnerability in Duplicate Page

While looking into the details of a reflected cross-site scripting (XSS) vulnerability in the plugin Duplicate Page we noticed that there was no protection against cross-site request forgery (CSRF) when using the plugin’s functionality, duplicating a post or page. As of version 2.3 the URLs for the duplication look like this: /wp-admin/admin.php?action=dt_duplicate_post_as_draft&post=1 If there was protection [Read more]

06 Oct

Authenticated PHP Object Injection Vulnerability in Event List

Since June we have been doing proactive monitoring of changes made to plugins to try to catch serious vulnerabilities. So far that has led to identifying existing vulnerabilities, newly introduced vulnerabilities, newly introduced vulnerabilities in brand new plugins, and vulnerabilities being fixed. For the first time it has led to us identifying a vulnerability in a plugin [Read more]

19 Sep

Authenticated Information Disclosure Vulnerability in Share Drafts Publicly

The changelog entry for version 1.1.4 of Share Drafts Publicly is “Added security enhancements.” In looking over that we found a change was made to fix a cross-site request forgery (CSRF) vulnerability that existed with AJAX functionality to share a draft of a post or page publicly. The exploitability of that is limited since an attacker that [Read more]

12 Jun

Cross-Site Request Forgery (CSRF) Vulnerability in PayPal Digital Downloads

Recently we found that the plugin Contact Form 7 – PayPal Add-on contained a cross-site request forgery (CSRF) vulnerability with the saving of the plugin’s settings that would allow changing the PayPal address that payments through the plugin go to. In looking over the developer’s other plugins we found that the PayPal Digital Downloads plugin contains the same [Read more]

12 Jun

Cross-Site Request Forgery (CSRF) Vulnerability in Contact Form 7 – PayPal Add-on

After noticing a number of vulnerabilities in a couple of plugins that work with the plugin Contact Form 7 we started looking over other plugins that work with it. In doing that we found that the plugin Contact Form 7 – PayPal Add-on has a cross-site request forgery (CSRF) vulnerability in its code to save the plugin’s settings, [Read more]