06 Nov

Vulnerability Details: Privilege Escalation in CartFlows

This post provides the details of a vulnerability in the WordPress plugin CartFlows not discovered by us, where the discoverer hadn’t provided the details needed for us to confirm the vulnerability while we were adding it to the data set for our service, so its contents are limited to subscribers of our service.

If you were using our service you would have already been warned about this vulnerability if your website is vulnerable due to it. [Read more]

05 Nov

Vulnerability Details: Cross-Site Request Forgery (CSRF) in Tidio Chat

This post provides the details of a vulnerability in the WordPress plugin Tidio Chat not discovered by us, where the discoverer hadn’t provided the details needed for us to confirm the vulnerability while we were adding it to the data set for our service, so its contents are limited to subscribers of our service.

If you were using our service you would have already been warned about this vulnerability if your website is vulnerable due to it. [Read more]

01 Nov

Recently Closed WordPress Plugin with 80,000+ Installs Contains CSRF Vulnerability

The plugin Snazzy Maps was closed on the WordPress Plugin Directory on Wednesday. That is one of the 1,000 most popular plugins with 80,000+ installs, so we were alerted to its closure. While we were looking into the plugin to see if there were any serious vulnerabilities we should be warning users of the plugin that also use our service about, we found that it contains a cross-site request forgery (CSRF) vulnerability.

The plugin makes its admin page accessible to those with the “manage_options” capability, so Administrators: [Read more]

06 Sep

Vulnerability Details: Cross-Site Request Forgery (CSRF) in Swift Landing Page

This post provides the details of a vulnerability in the WordPress plugin Swift Landing Page not discovered by us, where the discoverer hadn’t provided the details needed for us to confirm the vulnerability while we were adding it to the data set for our service, so its contents are limited to subscribers of our service.

If you were using our service you would have already been warned about this vulnerability if your website is vulnerable due to it. [Read more]

06 Sep

Cross-Site Request Forgery (CSRF) Vulnerability in Formidable Forms

The three most recent releases of the plugin Formidable Forms have all fixed security vulnerabilities, which isn’t a great sign for a plugin with 200,000+ installs. The oldest fixed a PHP object injection vulnerability, the next release fixed a persistent cross-site scripting (XSS) vulnerability, and the most recent version fixed a cross-site request forgery (CSRF)/PHP object injection vulnerability we spotted through our proactive monitoring of changes made to plugins to try to catch serious vulnerabilities as they are introduced into plugins. The next release is likely going to fix yet another vulnerability, as we noticed one more when we were looking into the details of the fixed persistent XSS vulnerability, which also seems connected to the vulnerability we previously found and disclosed.

The vulnerability in this case could allow an attacker to cause entry submissions for the plugin’s forms to be deleted without the person directly causing the deletion to intend it, which is referred to as cross-site request forgery (CSRF). [Read more]

30 Aug

Vulnerability Details: Cross-Site Request Forgery (CSRF)/SQL Injection in WooCommerce Live Checkout Field Capture

This post provides the details of a vulnerability in the WordPress plugin WooCommerce Live Checkout Field Capture not discovered by us, where the discoverer hadn’t provided the details needed for us to confirm the vulnerability while we were adding it to the data set for our service, so its contents are limited to subscribers of our service.

If you were using our service you would have already been warned about this vulnerability if your website is vulnerable due to it. [Read more]

26 Aug

Vulnerability Details: Cross-Site Request Forgery (CSRF) in WooCommerce Address Book

This post provides the details of a vulnerability in the WordPress plugin WooCommerce Address Book not discovered by us, where the discoverer hadn’t provided the details needed for us to confirm the vulnerability while we were adding it to the data set for our service, so its contents are limited to subscribers of our service.

If you were using our service you would have already been warned about this vulnerability if your website is vulnerable due to it. [Read more]

23 Aug

Automattic Has a lot of Work to do on the Security of the Zero BS WordPress CRM Plugin

A couple of months ago we discussed Automattic’s concern, or lack thereof, for the security of WordPress plugins in the context of them causing an insecure plugin from Facebook to be installed on websites using their WooCommerce plugin. A week ago it was announced they had purchased the plugin Zero BS WordPress CRM. After seeing that we started to take a quick look over the security of the plugin, but we didn’t get far into that before finding the plugin has some obvious security issues.

As one quick example of the insecurity, we found that someone who could get a logged in Administrator to click a link, say one left in a comment on the website, could cause all of the plugin’s data to be deleted, which is a pretty big issue for a CRM plugin. So it would appear that Automattic didn’t do security due diligence on the plugin before the purchase, considering that if they had, they should have reported the issues to the developer and they should have been fixed by now. [Read more]

16 Aug

Cross-Site Request Forgery (CSRF) Vulnerability in Post SMTP

As part of the security review of the plugin Post SMTP that we did after it was selected for a review by our customers, we found the plugin contains a cross-site request forgery (CSRF) vulnerability that would cause all of the plugin’s email logging to be deleted.

The plugin’s Email Log admin page is accessible to those with the plugin’s MANAGE_POSTMAN_CAPABILITY_LOGS: [Read more]

12 Aug

Vulnerability Details: Privilege Escalation in WP Social Feed Gallery

This post provides the details of a vulnerability in the WordPress plugin WP Social Feed Gallery not discovered by us, where the discoverer hadn’t provided the details needed for us to confirm the vulnerability while we were adding it to the data set for our service, so its contents are limited to subscribers of our service.

If you were using our service you would have already been warned about this vulnerability if your website is vulnerable due to it. [Read more]