9 Aug 2022

WooCommerce Extending Plugin With 100,000+ Installs Contains Authenticated Option Update Vulnerability Possibly Targeted by Hacker

Early today a topic on the support forum for the WordPress plugin WOOF, which extends WooCommerce and has 100,000+ active installations, suggested that a security issue in it might be being exploited. The poster wrote this:

Can you elaborate on what you did here for the fix? We noticed a lot of clients had products from like other sites that were not related. Curious to know what happened if anything on your end. [Read more]

27 May 2022

Our Proactive Monitoring Caught a CSRF/PHP Object Injection Vulnerability in 1+ Million Install WordPress Plugin Ninja Forms

One way we help to improve the security of WordPress plugins, not just for the customers of our service, but for everyone using them, is our proactive monitoring of changes made to plugins in the Plugin Directory to try to catch serious vulnerabilities. Late last year we expanded on that for our customers by running plugins used by our customers, even when code in them is not updated, through the same system on a weekly basis. We just made a significant improvement to the automated portion of that monitoring. Through that, we caught a less serious variant of one of those vulnerabilities, a cross-site request forgery (CSRF)/PHP object injection vulnerability in Ninja Forms, which, besides being used by at least one of our customers, is used on 1+ million websites according to wordpress.org’s stats.

That Ninja Forms has yet another vulnerability isn’t surprising considering the developer’s security track record, which includes disclosing a fairly serious unfixed vulnerability last year (doing that alongside Wordfence) and still not having addressed an incorrect security fix, which we notified them about in January. [Read more]

29 Mar 2022

Despite “Manual Security Review”, Brand New WordPress Plugin Contains Multiple Vulnerabilities

Before new plugins are allowed into WordPress’ plugin directory, they are claimed to go through a manual review:

After your plugin is manually reviewed, it will either be approved or you will be emailed and asked to provide more information and/or make corrections. [Read more]

9 Mar 2022

Our Proactive Monitoring Caught an Authenticated PHP Object Injection Vulnerability Being Introduced into a WordPress Plugin

One way we help to improve the security of WordPress plugins, not just for the customers of our service, but for everyone using them, is our proactive monitoring of changes made to plugins in the Plugin Directory to try to catch serious vulnerabilities. Through that, we caught a variant of those vulnerabilities, an authenticated PHP object injection vulnerability, being introduced into the plugin Contact.

We are now also running all the plugins used by customers through that on a weekly basis to provide additional protection for our customers. [Read more]

23 Nov 2021

Our Proactive Monitoring Caught an Authenticated PHP Object Injection Vulnerability Being Introduced into WP Category Sort

One way we help to improve the security of WordPress plugins, not just for the customers of our service, but for everyone using them, is our proactive monitoring of changes made to plugins in the Plugin Directory to try to catch serious vulnerabilities. Through that, we caught a variant of one of those vulnerabilities, an authenticated PHP object injection vulnerability, being introduced into the plugin WP Category Sort.

The possibility of this vulnerability is also flagged by our Plugin Security Checker, so you can check plugins you use to see if they might have similar issues with that tool. [Read more]

23 Jun 2021

Our Proactive Monitoring Caught a CSRF/PHP Object Injection Vulnerability in Blocksy Companion

One way we help to improve the security of WordPress plugins, not just for the customers of our service, but for everyone using them, is our proactive monitoring of changes made to plugins in the Plugin Directory to try to catch serious vulnerabilities. Through that, we caught a cross-site request forgery (CSRF)/PHP object injection vulnerability in the plugin Blocksy Companion.

The possibility of this vulnerability is also flagged by our Plugin Security Checker, so you can check plugins you use to see if they might have similar issues with that tool. [Read more]

18 Sep 2019

Our Proactive Monitoring Caught a CSRF/PHP Object Injection Vulnerability in a WordPress Plugin with 100,000+ Installs

One of the ways we help to improve the security of WordPress plugins, not just for the customers of our service, but for everyone using them, is our proactive monitoring of changes made to plugins in the Plugin Directory to try to catch serious vulnerabilities. Due to recent improvements to that, we caught a cross-site request forgery (CSRF)/PHP object injection vulnerability in WP Google Map Plugin, which has 100,000+ installs.

Yesterday, when discussing a vulnerability we accidentally ran across, we noted that the complicated nature of the code might have helped to explain how the security vulnerability came about. That seems like it could also apply to this plugin, as the code leading to the vulnerability seems overly complicated and critical security code is more complicated than it needs to be, while not functioning properly. [Read more]

30 Aug 2019

Our Proactive Monitoring Caught a CSRF/PHP Object Injection Vulnerability in Formidable Forms

One of the ways we help to improve the security of WordPress plugins, not just for the customers of our service, but for everyone using them, is our proactive monitoring of changes made to plugins in the Plugin Directory to try to catch serious vulnerabilities. Through that, we caught a cross-site request forgery (CSRF)/PHP object injection vulnerability in the plugin Formidable Forms, which has 200,000+ installs according to wordpress.org.

The possibility of this vulnerability is also flagged by our Plugin Security Checker, so you can check plugins you use to see if they might have similar issues with that tool. [Read more]

18 Mar 2019

Missed Vulnerabilities in Easy WP SMTP Show Why Checking Over Security Fixes is Important

One of the things we do to make sure we are providing our customers with the best data on vulnerabilities in WordPress plugins they might be using is to monitor the changelogs for plugins to spot the possibility that vulnerabilities have been fixed, and then to try to figure out if the changes actually involve a vulnerability. In doing that, we have often found that vulnerabilities have only been partially fixed or haven’t been fixed at all. That is the case with the plugin Easy WP SMTP, which has 300,000+ active installations according to wordpress.org, where we reviewed the changes made before the discoverer had put out a post on the vulnerabilities.

The changelog for the latest release of that is: [Read more]