10 Mar

Developer Security Advisory: CodePeople

On February 8 a report of several vulnerabilities in CodePeople’s Booking Calendar Contact Form plugin was released. While reviewing those for inclusion in our data we found that issue 5, a cross-site request forgery (CSRF) vulnerability that permitted the deleting calendar items still existed. That own its own is not major issue since someone would have [Read more]

09 Mar

Developer Security Advisory: Smackcoders

Recently four of Smackcoders plugins were to found by Rahul Pratap Singh to have reflective cross-site scripting (XSS) vulnerabilities. This type of vulnerability is not something we really see being exploited, probably due in large part due to the fact that all of the major web browsers other than Firefox have filtering that should prevent it from being successful [Read more]