12 Aug

Vulnerability Details: Privilege Escalation in WP Social Feed Gallery

This post provides the details of a vulnerability in the WordPress plugin WP Social Feed Gallery not discovered by us, where the discoverer hadn’t provided the details needed for us to confirm the vulnerability while we were adding it to the data set for our service, so its contents are limited to subscribers of our service. If you are not currently a subscriber, you can try out the service to help protect your website for free and then you can view the contents of the post. There are a lot of other reasons that you will want to sign up beyond access to posts like this one, including that you would have already been warned about this vulnerability if your website had been vulnerable to it.

31 Jul

There is a CSRF Vulnerability in a WordPress Plugin with 80,000+ Installs Developed by One of The Six People Running the Plugin Directory

A core problem with the handling of the security issues with WordPress plugins is the team running the Plugin Directory, who have shown themselves not to be up to the task of handling the role they are in. Part of that involves an inability to work with others to fix the problems the team is causing. That seems in part due to a belief that they have capabilities they don’t. You can get a taste of that from the bio for one of the members, which reads in part:

23 Jul

Vulnerability Details: Cross-Site Request Forgery (CSRF) in Simple WordPress Membership (Simple Membership)

This post provides the details of a vulnerability in the WordPress plugin Simple Membership not discovered by us, where the discoverer hadn’t provided the details needed for us to confirm the vulnerability while we were adding it to the data set for our service, so its contents are limited to subscribers of our service. If you are not currently a subscriber, you can try out the service to help protect your website for free and then you can view the contents of the post. There are a lot of other reasons that you will want to sign up beyond access to posts like this one, including that you would have already been warned about this vulnerability if your website had been vulnerable to it.

19 Jul

Cross-Site Request Forgery (CSRF) Vulnerabilities in All-in-One WP Migration

While trying to understand a fix made to the plugin All-in-One WP Migration for an authenticated information disclosure vulnerability discovered by “Ed from siliconforks”, which we were looking to add to the data set for our service, we noticed that the plugin still contains at least a couple of cross-site request forgery (CSRF) vulnerabilities. The overall design of the plugin looks like it might not be properly secured, but that may be intentional for a reason we don’t fully understand.

11 Jul

Cross-Site Request Forgery (CSRF) Vulnerability in ARPrice Lite

The latest update of the WordPress plugin ARPrice Lite was flagged by our proactive monitoring of changes made to plugins in the Plugin Directory, which tries to catch serious vulnerabilities. When we went to look into that, we found that the plugin had been closed on the Plugin Directory on June 28 with no explanation given. The changelog for the version submitted since the closure is “WordPress standard changes and other bug fixes.” A lot of the changes made are security related, but there still look to be quite a few issues.

10 Jul

WebARX Claims to “Protect Websites from Plugin Vulnerabilities”, but Doesn’t Even Have a Good Grasp of Them

When we mentioned the web security provider WebARX back in March, it was in the context of their service providing less protection against a WordPress plugin vulnerability than simply keeping plugins up to date, while they made it seem otherwise. That is a pretty big issue when their service is prominently promoted with the claim that it can “Protect websites from plugin vulnerabilities”, as can be seen on their homepage:

09 Jul

Vulnerability Details: Cross-Site Request Forgery (CSRF) in Ultimate Member

This post provides the details of a vulnerability in the WordPress plugin Ultimate Member not discovered by us, where the discoverer hadn’t provided the details needed for us to confirm the vulnerability while we were adding it to the data set for our service, so its contents are limited to subscribers of our service. If you are not currently a subscriber, you can try out the service to help protect your website for free and then you can view the contents of the post. There are a lot of other reasons that you will want to sign up beyond access to posts like this one, including that you would have already been warned about this vulnerability if your website had been vulnerable to it.

03 Jul

Vulnerability Details: Cross-Site Request Forgery (CSRF) in WooCommerce

This post provides the details of a vulnerability in the WordPress plugin WooCommerce not discovered by us, where the discoverer hadn’t provided the details needed for us to confirm the vulnerability while we were adding it to the data set for our service, so its contents are limited to subscribers of our service. If you are not currently a subscriber, you can try out the service to help protect your website for free and then you can view the contents of the post. There are a lot of other reasons that you will want to sign up beyond access to posts like this one, including that you would have already been warned about this vulnerability if your website had been vulnerable to it.