Our Proactive Monitoring Caught an Authenticated Arbitrary File Upload Vulnerability Being Added to a WordPress Plugin
One way we help to improve the security of WordPress plugins, not just for customers of our service but for everyone using them, is our proactive monitoring of changes made to plugins in the Plugin Directory to try to catch serious vulnerabilities. Through that we caught a fairly serious vulnerability being introduced into the plugin Delicious Recipes: an authenticated arbitrary file upload vulnerability.
The cause of this is a lack of restriction on what types of files can be uploaded through the plugin's functionality for uploading a profile photo. Because the upload is reachable by any logged-in user, the authentication check is not the control that matters here; without a restriction on file type, a low-privileged user can upload a PHP file and then request it to execute code on the server. The function upload_profile_image() in the file /src/dashboard/class-delicious-recipes-form-handler.php handles the AJAX request for that.
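To show the difference between an upload handler that has this class of vulnerability and one that does not, here is an added illustration written for this post; it is not the Delicious Recipes plugin's code, and the function names, nonce action, user meta key and AJAX hook (all prefixed `example_`) are assumed. The unsafe version accepts whatever a logged-in user sends; the hardened version restricts the upload to image types by both extension and content using WordPress's own `wp_check_filetype_and_ext()` and `wp_handle_upload()`.

```php
<?php
// Added illustration, not the Delicious Recipes plugin's own code.
// All names prefixed example_ are hypothetical.

// Vulnerable pattern: being logged in is the only requirement, and the
// client-supplied file name is written to the uploads directory as-is.
function example_upload_profile_image_unsafe() {
    check_ajax_referer( 'example_profile_nonce', 'nonce' );
    if ( ! is_user_logged_in() ) {
        wp_send_json_error( 'not logged in', 403 );
    }
    $file       = $_FILES['profile_image'];
    $upload_dir = wp_upload_dir();
    // No extension or MIME check: a subscriber can upload shell.php here.
    $dest = trailingslashit( $upload_dir['path'] ) . basename( $file['name'] );
    move_uploaded_file( $file['tmp_name'], $dest );
    wp_send_json_success( trailingslashit( $upload_dir['url'] ) . basename( $file['name'] ) );
}

// Hardened pattern: validate the file as an image before it touches disk.
function example_upload_profile_image_safe() {
    check_ajax_referer( 'example_profile_nonce', 'nonce' );
    if ( ! is_user_logged_in() ) {
        wp_send_json_error( 'not logged in', 403 );
    }
    if ( empty( $_FILES['profile_image'] ) ) {
        wp_send_json_error( 'no file', 400 );
    }
    $file = $_FILES['profile_image'];

    // Only these extension/MIME pairs are acceptable for a profile photo.
    $allowed = array(
        'jpg|jpeg' => 'image/jpeg',
        'png'      => 'image/png',
        'gif'      => 'image/gif',
    );

    // wp_check_filetype_and_ext() checks the name against the allowed list and,
    // for images, verifies the content matches; a .php file or an image with a
    // mismatched extension comes back with 'ext' and 'type' set to false.
    $check = wp_check_filetype_and_ext( $file['tmp_name'], $file['name'], $allowed );
    if ( empty( $check['ext'] ) || empty( $check['type'] ) ) {
        wp_send_json_error( 'only JPEG, PNG or GIF images are allowed', 415 );
    }

    // Independent second signal that the bytes really are an image.
    if ( false === @getimagesize( $file['tmp_name'] ) ) {
        wp_send_json_error( 'file is not an image', 415 );
    }

    // wp_handle_upload() re-runs the type check against the same list, generates
    // a safe unique file name and moves the file into the uploads directory.
    require_once ABSPATH . 'wp-admin/includes/file.php';
    $result = wp_handle_upload(
        $file,
        array(
            'test_form' => false,
            'mimes'     => $allowed,
        )
    );
    if ( isset( $result['error'] ) ) {
        wp_send_json_error( $result['error'], 400 );
    }

    update_user_meta( get_current_user_id(), 'example_profile_image', esc_url_raw( $result['url'] ) );
    wp_send_json_success( $result['url'] );
}

// Logged-in users only; the unsafe variant is deliberately not hooked.
add_action( 'wp_ajax_example_upload_profile_image', 'example_upload_profile_image_safe' );
```

The important point is that the nonce and login checks, which both versions share, do nothing to stop an authenticated user from uploading executable code; only the type restriction in the second version does. Passing the allowed list to `wp_handle_upload()` as well as to `wp_check_filetype_and_ext()` means the file is rejected even if a later refactor removes the earlier check.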