25 Sep

WordPress Isn’t Allowing Users of DELUCKS SEO to Get New Version of the Plugin That Fixes Exploited Vulnerability

When it comes to the poor security surrounding WordPress plugins, what we have long found so unfortunate is that it would be easy for the team running the Plugin Directory to improve the situation. For reasons that have never made sense, they continue to refuse to do things that would make a big difference and likely greatly reduce the number of websites being hacked (we and others have repeatedly offered to help them do those things).

One of the problems we have long seen is that after plugins are closed on the Plugin Directory due to vulnerabilities, the plugin remains closed even after the vulnerability has been fixed, so those already using the plugin can’t get the updated version. This often looks to be because the team running the Plugin Directory requires more changes to be made, sometimes security related. The problem with that is that if those websites could update, they would stop the possibility of the fixed vulnerability being exploited.

21 Sep

Hackers May Already be Targeting this Persistent XSS Vulnerability in DELUCKS SEO

As part of the monitoring we do to make sure we are providing customers of our service with the best possible data on vulnerabilities in WordPress plugins they may be using, we monitor for what look to be hackers probing for usage of plugins, so that we can quickly warn our customers of unfixed vulnerabilities that hackers are likely targeting. There seems to be an ongoing hacker campaign exploiting previously undisclosed vulnerabilities: in the past couple of weeks there have been seven plugins that we have seen hackers newly probing for, and today we saw number eight, DELUCKS SEO, for which there was probing on our website today through requests for these files:

  • /wp-content/plugins/delucks-seo/readme.txt
  • /wp-content/plugins/delucks-seo/assets/tagEditor/readme.md

In looking at the plugin we found that, like a number of the other plugins, it contains a persistent cross-site scripting (XSS) vulnerability. There appear to be other related security issues as well.
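The probing described above can be spotted in a web server's access log. The following is an added example, not code from the original post: it flags requests for readme files under /wp-content/plugins/ that target plugins not installed on the site. The combined log format, the sample lines, and the `example-installed-plugin` slug are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines in combined log format (not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [01/Jan/2024:10:01:02 +0000] "GET /wp-content/plugins/delucks-seo/readme.txt HTTP/1.1" 404 512 "-" "Mozilla/5.0"
203.0.113.7 - - [01/Jan/2024:10:01:03 +0000] "GET /wp-content/plugins/delucks-seo/assets/tagEditor/readme.md HTTP/1.1" 404 512 "-" "Mozilla/5.0"
198.51.100.9 - - [01/Jan/2024:10:05:00 +0000] "GET /wp-content/plugins/example-installed-plugin/readme.txt HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
198.51.100.9 - - [01/Jan/2024:10:05:09 +0000] "GET /blog/readme-first/ HTTP/1.1" 200 9000 "-" "Mozilla/5.0"
"""

# Client IP and request target from one combined-format log line.
LOG_LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+)[^"]*" \d{3} ')
# A readme file at any depth inside a plugin directory; group 1 is the slug.
README = re.compile(
    r'^/wp-content/plugins/([^/]+)/(?:.*/)?readme\.(?:txt|md)$', re.I)


def find_plugin_probes(log_text, installed_slugs):
    """Return {slug: {"ips": [...], "hits": n}} for readme requests that
    target plugins which are not installed on this site."""
    installed = {s.lower() for s in installed_slugs}
    ips = defaultdict(set)
    hits = defaultdict(int)
    for line in log_text.splitlines():
        m = LOG_LINE.match(line)
        if not m:
            continue  # not a combined-format line
        ip, target = m.groups()
        path = target.split("?", 1)[0]  # ignore any query string
        r = README.match(path)
        if not r:
            continue
        slug = r.group(1).lower()
        if slug in installed:
            continue  # readme of an installed plugin: not flagged here
        ips[slug].add(ip)
        hits[slug] += 1
    return {s: {"ips": sorted(ips[s]), "hits": hits[s]} for s in ips}


if __name__ == "__main__":
    found = find_plugin_probes(SAMPLE_LOG, {"example-installed-plugin"})
    for slug, info in found.items():
        print(slug, info)
```

A slug that shows up here for a plugin the site has never used is a sign that the plugin is being looked for, which is the signal the post describes acting on.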