11 Oct 2021

Authenticated Persistent Cross-Site Scripting (XSS) Vulnerability in Cooked WordPress Plugin

Several days ago we had what looked to be a hacker probing for usage of a commercial WordPress plugin, Cooked Pro, on one of our websites, by requesting the following file:

/wp-content/plugins/cooked-pro/modules/dropzone/dropzone.min.css [Read more]

27 Aug 2021

Hackers Certainly Could Be Interested in Exploiting this Vulnerability in the Simple eCommerce WordPress Plugin

Earlier this week we had what looked to be a hacker probing for usage of the WordPress plugin Simple eCommerce on our website with this request:

/wp-content/plugins/simple-e-commerce-shopping-cart/readme.txt [Read more]

11 Aug 2021

Cross-Site Request Forgery (CSRF)/Cross-Site Scripting (XSS) Vulnerability in Picture Gallery

A new report claims that there is a stored cross-site scripting (XSS) vulnerability in the WordPress plugin Picture Gallery. Like a lot of recent reports, this isn't really a vulnerability, as the attacker would need to be logged in to WordPress as an Administrator to exploit it. But while confirming that was in fact the case, we found that there is actually a cross-site request forgery (CSRF)/cross-site scripting (XSS) vulnerability in somewhat related code in the plugin.

The supposed vulnerability involves accessing a page only accessible to those with the manage_options capability, so Administrators: [Read more]

26 Jul 2021

Vulnerability Details: Cross-Site Request Forgery (CSRF)/Cross-Site Scripting (XSS) in Simple Post

A report of a claimed stored cross-site scripting (XSS) vulnerability in the WordPress plugin Simple Post looks like a lot of the false reports being put out there these days, but as is the case here, sometimes there is a real vulnerability related to an otherwise false report.

[Read more]

28 Feb 2020

Hackers May Already Be Targeting This Authenticated Persistent XSS Vulnerability in Live Preview for Contact Form 7

As part of the monitoring we do to make sure we are providing customers of our service with the best possible data on vulnerabilities in WordPress plugins they may be using, we watch for what look to be hackers probing for usage of plugins, so that we can quickly warn our customers of unfixed vulnerabilities that hackers are likely targeting. There was probing on our website today for the plugin Live Preview for Contact Form 7 by requesting these files:

  • /wp-content/plugins/cf7-live-preview/assets/js/cf7-live-preview.js
  • /wp-content/plugins/cf7-live-preview/assets/css/cf7-live-preview.css
  • /wp-content/plugins/cf7-live-preview/README.txt

Like the previous plugins we discussed this week that look to be part of the same campaign, this plugin also contains an authenticated persistent cross-site scripting (XSS) vulnerability, so that would be a likely target for the hacker. [Read more]

26 Feb 2020

Hackers May Already Be Targeting This Authenticated Persistent XSS Vulnerability in Easy Forms for Mailchimp

As part of the monitoring we do to make sure we are providing customers of our service with the best possible data on vulnerabilities in WordPress plugins they may be using, we watch for what look to be hackers probing for usage of plugins, so that we can quickly warn our customers of unfixed vulnerabilities that hackers are likely targeting. There was probing on our website today for the plugin Easy Forms for Mailchimp by requesting these files:

  • /wp-content/plugins/yikes-inc-easy-mailchimp-extender/admin/js/yikes-inc-easy-mailchimp-dashboard-widget.js
  • /wp-content/plugins/yikes-inc-easy-mailchimp-extender/public/js/form-submission-helpers.js
  • /wp-content/plugins/yikes-inc-easy-mailchimp-extender/readme.txt

In a quick check over the plugin we found that it contains numerous security issues, so we would recommend that the plugin get a thorough security review before being used. Like the previous plugins we discussed this week that look to be part of the same campaign, this plugin also contains an authenticated persistent cross-site scripting (XSS) vulnerability, so that would be a likely target for the hacker. Since the plugin has 100,000+ installs, it is more likely that a hacker can find websites that allow untrusted individuals access to WordPress accounts, through which they could exploit it. [Read more]

24 Feb 2020

Hackers May Already Be Targeting This Authenticated Persistent XSS Vulnerability in Advanced Post List

As part of the monitoring we do to make sure we are providing customers of our service with the best possible data on vulnerabilities in WordPress plugins they may be using, we watch for what look to be hackers probing for usage of plugins, so that we can quickly warn our customers of unfixed vulnerabilities that hackers are likely targeting. There was probing on our website today for the plugin Advanced Post List by requesting these files:

  • /wp-content/plugins/advanced-post-list/readme.txt
  • /wp-content/plugins/advanced-post-list/admin/js/apl-notices.js
  • /wp-content/plugins/advanced-post-list/admin/css/admin.css

When we started reviewing the plugin we immediately found a vulnerability that matches the type we have seen in plugins being probed for in a similar way in the past (including the other plugin we saw probed for today): an authenticated persistent cross-site scripting (XSS) vulnerability. [Read more]

24 Feb 2020

Hackers May Already Be Targeting This Authenticated Persistent XSS Vulnerability in IMPress for IDX Broker

As part of the monitoring we do to make sure we are providing customers of our service with the best possible data on vulnerabilities in WordPress plugins they may be using, we watch for what look to be hackers probing for usage of plugins, so that we can quickly warn our customers of unfixed vulnerabilities that hackers are likely targeting. There was probing on our website today for the plugin IMPress for IDX Broker by requesting these files:

  • /wp-content/plugins/idx-broker-platinum/readme.txt
  • /wp-content/plugins/idx-broker-platinum/assets/js/idx-leads.js
  • /wp-content/plugins/idx-broker-platinum/assets/css/idx-admin.css

When we started reviewing the plugin we immediately found a vulnerability that matches the type we have seen in plugins being probed for in a similar way in the past: an authenticated persistent cross-site scripting (XSS) vulnerability. [Read more]