01 Apr

Cross-Site Request Forgery (CSRF) Vulnerability in 404page

The plugin 404page was closed on the WordPress Plugin Directory on Saturday. As that is one of the 1,000 most popular plugins, our systems alerted us to its removal and we then checked things over to see if there was a security issue that might have led to it being removed. While no reason had been given for its removal, in a quick check we found a minor, but rather nasty, vulnerability that could allow an attacker to cause WordPress users to disable their own access to the website without intending to. We then used WPDirectory to see if other plugins might have similar code and found that a number of other plugins by the same developer do. After we did that, the vulnerability was fixed in 404page and the fix was credited to Julio Potier, so it appears that was the cause of the closure, but the other plugins have not been fixed yet.

[Read more]

18 Mar

Vulnerability Details: Cross-Site Request Forgery (CSRF) in Rate my Post – WP Post Rating

This Vulnerability Details post about a vulnerability in the plugin Rate my Post – WP Post Rating provides the details of a vulnerability we ran across while collecting data on vulnerabilities discovered by others for our data set on vulnerabilities in WordPress plugins, so its contents are limited to customers of our service. If you are not currently a customer, you can sign up for free here. There are a lot of other reasons that you will want to sign up beyond access to posts like this one, including that you would have already been warned about this vulnerability if your website was vulnerable due to it.

[Read more]

19 Feb

Vulnerability Details: Cross-Site Request Forgery (CSRF) in Instagram Gallery

This Vulnerability Details post about a vulnerability in the plugin Instagram Gallery provides the details of a vulnerability we ran across while collecting data on vulnerabilities discovered by others for our data set on vulnerabilities in WordPress plugins, so its contents are limited to customers of our service. If you are not currently a customer, you can sign up for free here. There are a lot of other reasons that you will want to sign up beyond access to posts like this one, including that you would have already been warned about this vulnerability if your website was vulnerable due to it.

[Read more]

22 Jan

Vulnerability Details: Cross-Site Request Forgery (CSRF) in Campaign URL Builder

This Vulnerability Details post about a vulnerability in the plugin Campaign URL Builder provides the details of a vulnerability we ran across while collecting data on vulnerabilities discovered by others for our data set on vulnerabilities in WordPress plugins, so its contents are limited to customers of our service. If you are not currently a customer, you can sign up for free here. There are a lot of other reasons that you will want to sign up beyond access to posts like this one, including that you would have already been warned about this vulnerability if your website was vulnerable due to it.

[Read more]

18 Dec

Vulnerability Details: Privilege Escalation in Under Construction

This Vulnerability Details post about a vulnerability in the plugin Under Construction provides the details of a vulnerability we ran across while collecting data on vulnerabilities discovered by others for our data set on vulnerabilities in WordPress plugins, so its contents are limited to customers of our service. If you are not currently a customer, you can sign up for free here. There are a lot of other reasons that you will want to sign up beyond access to posts like this one, including that you would have already been warned about this vulnerability if your website was vulnerable due to it.

[Read more]

27 Nov

Developer of WordPress Security Plugin Fails to Implement Basic Security Checks in Another of Their Plugins

If you were not too familiar with the security industry, you would probably assume that if a company is the developer of a WordPress security plugin, then the other plugins they make would be quite secure. That turns out not to be the case with the developer of the Security Ninja plugin. Yesterday we fully disclosed a minor vulnerability in one of their other plugins, Google Maps Widget, which has 100,000+ installs according to WordPress.org. Then today we saw that they fixed a similar issue in another of their plugins, Minimal Coming Soon & Maintenance Mode, which has 60,000+ installs. In a reminder of how insecure some plugins are (even if the developer also has a security plugin), when we looked at the code being changed to fix that, we noticed that in the same function there is another, more serious vulnerability, one that wasn’t fixed.

[Read more]

04 Oct

Vulnerability Details: Cross-Site Request Forgery (CSRF) Vulnerability in Pym.js Embeds

This Vulnerability Details post provides the details of a vulnerability we ran across while collecting data on vulnerabilities discovered by others for our data set on vulnerabilities in WordPress plugins, so its contents are limited to customers of our service. If you are not currently a customer, you can sign up for free here. There are a lot of other reasons that you will want to sign up beyond access to posts like this one, including that you would have already been warned about this vulnerability if your website was vulnerable due to it.

[Read more]

06 Sep

Vulnerability Details: Cross-Site Request Forgery (CSRF) Vulnerability in Slider Hero

This Vulnerability Details post about a vulnerability in the plugin Slider Hero provides the details of a vulnerability we ran across while collecting data on vulnerabilities discovered by others for our data set on vulnerabilities in WordPress plugins, so its contents are limited to customers of our service. If you are not currently a customer, you can sign up for free here. There are a lot of other reasons that you will want to sign up beyond access to posts like this one, including that you would have already been warned about this vulnerability if your website was vulnerable due to it.

[Read more]

30 Apr

Vulnerability Details: Cross-Site Request Forgery (CSRF) Vulnerability in Page and Post Clone

This Vulnerability Details post provides the details of a vulnerability we ran across while collecting data on vulnerabilities discovered by others for our data set on vulnerabilities in WordPress plugins, so its contents are limited to customers of our service. If you are not currently a customer, you can sign up for free here. There are a lot of other reasons that you will want to sign up beyond access to posts like this one, including that you would have already been warned about this vulnerability if your website was vulnerable due to it.

[Read more]

05 Apr

Real World Result of RIPS Code Analysis Service Doesn’t Match Hyperbolic Marketing of It

Recently a claim was made that an authenticated SQL injection vulnerability had been fixed in the plugin Custom Permalinks. In looking into that, though, we found that it was only accessible to Administrators, who would already normally have the capability to do the equivalent of SQL injection, so that wouldn’t really be a vulnerability. What seems notable about this is that the claim of the vulnerability came from the maker of an automated security tool that is marketed out of line with the actual result shown by that vulnerability claim.

[Read more]