22 Jul

Vulnerability Details: Cross-Site Request Forgery (CSRF)/Arbitrary File Upload in WP SVG Icons

This post provides the details of a vulnerability in the WordPress plugin WP SVG Icons not discovered by us, where the discoverer hadn’t provided the details needed for us to confirm the vulnerability while we were adding it to the data set for our service, so its contents are limited to subscribers of our service. If you are not currently a subscriber, you can try out the service for free and then you can view the contents of the post. There are a lot of other reasons that you will want to sign up beyond access to posts like this one, including that you would have already been warned about this vulnerability if your website was vulnerable due to it.

[Read more]

01 Jul

Vulnerability Details: Arbitrary File Upload in Insert or Embed Articulate Content into WordPress

This post provides the details of a vulnerability in the WordPress plugin Insert or Embed Articulate Content into WordPress not discovered by us, where the discoverer hadn’t provided the details needed for us to confirm the vulnerability while we were adding it to the data set for our service, so its contents are limited to subscribers of our service. If you are not currently a subscriber, you can try out the service for free and then you can view the contents of the post. There are a lot of other reasons that you will want to sign up beyond access to posts like this one, including that you would have already been warned about this vulnerability if your website was vulnerable due to it.

[Read more]

28 Jun

Our Proactive Monitoring Caught an Authenticated Arbitrary File Upload Vulnerability in the WordPress Plugin MapSVG Lite

If you were already using our service you would know that the plugin MapSVG Lite isn’t secure, as there was an unfixed vulnerability disclosed at the beginning of the year. If you were relying on other data sources there is a good chance you wouldn’t know that, since the ultimate source of a lot of those, the WPScan Vulnerability Database, claims that it was fixed:

[Read more]

11 Jun

Our Proactive Monitoring Caught a CSRF/Arbitrary File Upload Vulnerability in a WordPress Security Plugin

When it comes to WordPress security plugins, not only do they often not provide much, if any, security against threats that really impact a website, but they can actually introduce security vulnerabilities of their own. That is the case with the plugin LionScripts: IP Blocker Lite, which is described as:

[Read more]

05 Jun

Vulnerability Details: Authenticated Arbitrary File Upload in Crelly Slider

This post provides the details of a vulnerability in the WordPress plugin Crelly Slider not discovered by us, where the discoverer hadn’t provided the details needed for us to confirm the vulnerability while we were adding it to the data set for our service, so its contents are limited to subscribers of our service. If you are not currently a subscriber, you can try out the service for free and then you can view the contents of the post. There are a lot of other reasons that you will want to sign up beyond access to posts like this one, including that you would have already been warned about this vulnerability if your website was vulnerable due to it.

[Read more]

29 Jan

Our Proactive Monitoring Caught a CSRF/Arbitrary File Upload Vulnerability in a WordPress Plugin with 70,000+ Installs

One of the ways we help to improve the security of WordPress plugins, not just for our customers, but for everyone using them, is the proactive monitoring of changes made to plugins in the Plugin Directory to try to catch serious vulnerabilities. Through that we caught a less serious variant of an arbitrary file upload vulnerability in a plugin with 70,000+ installs, Slider by 10Web. The vulnerability could allow an attacker that could get a logged in Administrator to access a page they control to upload a malicious file to a website and then they could take any action they wanted with the website.

[Read more]

03 Dec

Our Proactive Monitoring Caught a CSRF/Arbitrary File Upload Vulnerability in Security Related WordPress Plugin

A few weeks ago we fully disclosed a fairly serious vulnerability in a security plugin with 70,000+ installs designed to log WordPress user activity (probably due in large part to the people on the WordPress side of things, that vulnerability hasn’t been fixed so far). Through our proactive monitoring of changes made to plugins in the Plugin Directory to try to catch serious vulnerabilities, we ran across another logging plugin, WatchMan-Site7, that has a vulnerability of its own. Through the vulnerability an attacker that could get a logged in Administrator to access a page they control could cause a malicious file to be uploaded on the website, and from there they could do almost anything with the website.

[Read more]

09 Oct

The WordPress Plugin Directory Team Should Spend Their Time Avoiding Issues Like This Instead of Acting Inappropriately as Forum Moderators

On day two of our doing full disclosures of WordPress plugin vulnerabilities until the inappropriate handling of the moderation of the WordPress Support Forum is cleaned up, we disclosed a couple of easily spottable exploitable vulnerabilities that were in brand new plugins. As we noted then, that shouldn’t be happening since there is supposed to be a manual security review as part of a larger manual review of new plugins before they are allowed in the Plugin Directory. Either these reviews are not happening, which seems possible (for a number of reasons), or the security review is a failure at a basic level. If it is the latter we have offered to help improve the process, but we have never been taken up on that.

[Read more]

14 Sep

Our Proactive Monitoring Caught an Authenticated Arbitrary File Upload Vulnerability in Advanced Contact form 7 DB

One of the ways we help to improve the security of WordPress plugins, not just for our customers, but for everyone using them, is the proactive monitoring of changes made to plugins in the Plugin Directory to try to catch serious vulnerabilities before they are exploited. That sometimes leads to us catching a vulnerability of a more limited variant of one of those serious vulnerability types, which isn’t as much of a concern for the average website, but could be utilized in a targeted attack. That happened with the authenticated arbitrary file upload vulnerability we found was introduced in the most recent version of the plugin Advanced Contact form 7 DB.

[Read more]

02 Jul

Our Proactive Monitoring Caught a Cross-Site Request Forgery (CSRF)/Arbitrary File Upload Vulnerability in wpShopGermany Free

One of the ways we help to improve the security of WordPress plugins, not just for our customers, but for everyone using them, is the proactive monitoring of changes made to plugins in the Plugin Directory to try to catch serious vulnerabilities. That sometimes leads to us catching a vulnerability of a more limited variant of one of those serious vulnerability types, which isn’t as much of a concern for the average website, but could be utilized in a targeted attack. That happened with the cross-site request forgery (CSRF)/arbitrary file upload vulnerability we found in the plugin wpShopGermany Free. This vulnerability could have allowed an attacker that could get a logged in Administrator to visit a URL the attacker controls to cause them to unintentionally upload arbitrary files.

[Read more]