Login

Tag Archives: FiboSearch

20 May 2022

Not Really a WordPress Plugin Vulnerability, Week of May 20

In reviewing reports of vulnerabilities in WordPress plugins to provide our customers with the best data on vulnerabilities in plugins they use, we often find that there are reports for things that don’t appear to be vulnerabilities. For more problematic reports, we release posts detailing why the vulnerability reports are false, but there have been a lot of that we haven’t felt rose to that level. In particular, are items that are not outright false, just the issue is probably more accurately described as a bug. For those that don’t rise to the level of getting their own post, we now place them in a weekly post when we come across them.

Admin+ Reflected Cross-Site Scripting in Smush

A couple of weeks ago Automattic’s WPScan claimed that the plugin Smush had contained an admin+ reflected cross-site scripting vulnerability that involves somehow getting an Administrator to upload a file to their website: [Read more]

1 Mar 2022

WordPress Plugin Security Review: FiboSearch

For our 39th security review of a WordPress plugin based on the voting of our customers, we reviewed the plugin FiboSearch.

If you are not yet a customer of the service, once you sign up for the service as a paying customer, you can start suggesting and voting on plugins to get security reviews. For those already using the service that haven’t already suggested and voted for plugins to receive a review, you can start doing that here. You can use our tool for doing limited automated security checks of plugins to see if plugins you are using have possible issues that would make them good candidates to get a review. You can also order a review of a plugin separately from our service. [Read more]