Vulnerability Details: Possible Remote Code Execution (RCE) Vulnerability in Easy Social Sharing
One of the things we do to make sure our customers have the best data on vulnerabilities in WordPress plugins is to monitor third-party data on hacking attempts. Through that we recently came across a request for a file, /wp-content/plugins/social-sharing/js/admin.js, from the plugin Easy Social Sharing (not to be confused with another plugin of the same name). That plugin is no longer in the WordPress Plugin Directory, which may be because it was removed for a security issue.
What we found when looking into this illustrates one of the problems with trying to identify a vulnerability that hackers might be targeting in a plugin: the vulnerabilities they target don't always exist. Strangely, it looks like some hackers don't actually test vulnerabilities before trying to exploit them on a large scale. For example, last April we looked at one instance where a fairly obvious false report of a vulnerability still led to exploitation attempts. In this case the vulnerability actually exists; it just would usually not be exploitable, which we will get to in a moment.