15 Feb

A Doubly Bad Way to Check if Your WordPress Website Uses Plugins With Known Vulnerabilities

One of the many problems with the security industry is the use of ineffective solutions to tackle various tasks when much more effective solutions are readily available. While some of the usage of those less effective solutions may be necessary due the particulars of a situation, it seems that most usage is due to people […]

01 Dec

Vulnerability Details: Cross-Site Request Forgery (CSRF)/Cross-Site Scripting (XSS) Vulnerability in Special Text Boxes

Recently the web scanner service Detectify has been vaguely disclosing minor vulnerabilities in a number of WordPress plugins. It seems like they are aware that they could notify the developers of these, but usually haven’t been doing it. One of the more recent batch was an “Authenticated XSS” vulnerability in the plugin Special Text Boxes. In a previous […]

01 Dec

Vulnerability Details: Reflected Cross-Site Scripting (XSS) Vulnerability in Special Text Boxes

Recently the web scanner service Detectify has been vaguely disclosing minor vulnerabilities in a number of WordPress plugins. It seems like they are aware that they could notify the developers of these, but usually haven’t been doing it. One of the more recent batch was an “Authenticated XSS” vulnerability in the plugin Special Text Boxes. Based on the […]

02 Nov

Vulnerability Details: Cross-Site Request Forgery (CSRF) Vulnerability in WP Fastest Cache

One of the strangest experiences we have had with trying to get a vulnerability fixed involved the plugin WP Fastest Cache. After we had dug into the details that Wordfence failed to include when they disclosed a couple of vulnerabilities in that plugin, we noticed they had missed part of the vulnerabilities (which would be a […]

01 Nov

Vulnerability Details: Reflected Cross-Site Scripting (XSS) Vulnerability in Pretty Links (Lite)

About a month ago we noted that the security scanner service Detectify seemed to have disclosed a number of unfixed reflected cross-site scripting (XSS) vulnerabilities in WordPress plugins that the developers may not have been notified of. One of those was in the plugin Pretty Links (Lite). It looks like the vulnerability that might be referred […]

23 Oct

Vulnerability Details: Reflected Cross-Site Scripting (XSS) Vulnerability in Popup by Supsystic

From time to time a vulnerability is fixed in a plugin without the discoverer putting out a report on the vulnerability and we will put out a post detailing the vulnerability so that we can provide our customers with more complete information on the vulnerability. Recently the web scanner service Detectify has been vaguely disclosing […]

20 Oct

Vulnerability Details: Reflected Cross-Site Scripting (XSS) Vulnerability in Duplicate Page

Recently the security scanner service Detectify seems to have disclosed a number of unfixed reflected cross-site scripting (XSS) vulnerabilities in WordPress plugins that the developers may not have been notified of. We are still in the process of going through those, but so far we found that not only had some of the developers not been […]

20 Oct

Vulnerability Details: Cross-Site Request Forgery (CSRF)/Cross-Site Scripting (XSS) Vulnerability in Use Any Font

Recently the web scanner service Detectify has been vaguely disclosing minor vulnerabilities in a number of WordPress plugins. It seems like they are aware that they could notify the developer of these, but usually haven’t been doing it. One of the more recent batch was a cross-site request forgery (CSRF) vulnerability in the plugin Use Any […]

19 Oct

Vulnerability Details: Reflected Cross-Site Scripting (XSS) Vulnerability in WP-Members

From time to time a vulnerability is fixed in a plugin without the discoverer putting out a report on the vulnerability and we will put out a post detailing the vulnerability so that we can provide our customers with more complete information on the vulnerability. Recently the web scanner service Detectify has been vaguely disclosing […]

17 Oct

Vulnerability Details: Reflected Cross-Site Scripting (XSS) Vulnerability in Max Mega Menu

From time to time a vulnerability is fixed in a plugin without the discoverer putting out a report on the vulnerability and we will put out a post detailing the vulnerability so that we can provide our customers with more complete information on the vulnerability. Recently the web scanner service Detectify has been vaguely disclosing […]