Over the weekend, we saw one of the usual hackers probing for usage of WordPress plugins, probing for usage a plugin named Export Import Menus. That plugin was closed on the WordPress Plugin Directory on September 12, with no explanation for the closure. Before it was closed, WordPress listed it as having 10,000+ active installs. Upon seeing that, what we needed to figure out is what a hacker might be interested in exploiting in that and is that an already known issue. These days, hackers often target vulnerabilities being disclosed by other plugin vulnerability data providers. There was a recently disclosed vulnerability in the plugin, but one that wouldn’t be of much interest to hackers. With further checking, we found the vulnerability is actually much more serious than was claimed by other providers and would likely be a target for hackers.

If the team running the WordPress Plugin Directory had known about the severity of the vulnerability, they could and should have pushed out a fix for the vulnerability before a hacker started targeting the plugin. They also could have forced out an update to address it. Fixing it enough to prevent exploitation would have been very easy. It only takes two lines, which we show below. With the inaccurate information provided by other providers, though they wouldn’t know that this was a serious issue. [Read more]