20 Dec 2023

NinjaFirewall’s Rule For Vulnerability Doesn’t Really Add Much Protection

We recently looked at yet another example of the limited value of the rules written for specific WordPress plugin vulnerabilities that are offered with the Wordfence Security plugin. But what about the other firewall plugin that has rules being written for it, NinjaFirewall? In looking at the latest rule added to it, we found that its rules can also be of limited value. This highlights the importance of general protection, as opposed to rules written for specific vulnerabilities. That is something neither plugin is focusing on enough, though NinjaFirewall has done a better job of it.

Here is the rule data for NinjaFirewall’s latest rule:

1 Jul 2019

Vulnerability Details: Reflected Cross-Site Scripting (XSS) in Essential Real Estate

Several of the recent Subversion log entries for the plugin Essential Real Estate are “Fix error Reflected XSS”. The plugin was closed on the Plugin Directory on Friday, possibly due to that. Looking at the changes made, we found that escaping code had been added in numerous places, so we ran the previous version of the plugin through our Plugin Security Checker tool to see if it would identify any possible instances of reflected cross-site scripting (XSS) that we could check to see if they were fixed. We found that the first possible instance identified by our tool was exploitable and was fixed in the new version.
