Hackers May Already be Targeting this Authenticated Persistent XSS Vulnerability in FileBird Lite
As part of the monitoring we do to make sure we are providing customers of our service with the best possible data on vulnerabilities in the WordPress plugins they may be using, we found that yesterday a hacker appeared to be probing for usage of the plugin FileBird Lite, which has 10,000+ installs, by requesting the following files:
- /wp-content/plugins/filebird/admin/css/filebird-upload.css
- /wp-content/plugins/filebird/readme.txt
- /wp-content/plugins/filebird/admin/js/filebird-util.js
In looking into what the hacker might be interested in exploiting in the plugin, we found right away that there is an authenticated persistent cross-site scripting (XSS) vulnerability in the current version of the plugin that is similar to vulnerabilities hackers have widely exploited recently. We saw other insecure code in the plugin, and there appear to be additional vulnerabilities, so the plugin should be more thoroughly reviewed and secured before being used.
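As an added defender-side example (not code from the post or from the plugin), the following Python script scans web-server access-log lines for the probing pattern described above: a client requesting several files under the FileBird plugin directory, and specifically the three files listed. The log lines, client IP addresses, timestamps and the `min_hits` threshold are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample access-log lines in Apache combined format (not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [10/Jun/2020:12:01:02 +0000] "GET /wp-content/plugins/filebird/admin/css/filebird-upload.css HTTP/1.1" 404 231 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Jun/2020:12:01:03 +0000] "GET /wp-content/plugins/filebird/readme.txt HTTP/1.1" 404 231 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Jun/2020:12:01:04 +0000] "GET /wp-content/plugins/filebird/admin/js/filebird-util.js HTTP/1.1" 404 231 "-" "Mozilla/5.0"
198.51.100.9 - - [10/Jun/2020:12:05:00 +0000] "GET /wp-admin/admin-ajax.php HTTP/1.1" 200 12 "-" "Mozilla/5.0"
198.51.100.9 - - [10/Jun/2020:12:05:01 +0000] "GET /wp-content/plugins/filebird/readme.txt HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
"""

# Minimal combined-log parser: client IP, request path and HTTP status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

PLUGIN_DIR = "/wp-content/plugins/filebird/"

# The three files the post reports being requested during the probe.
PROBE_PATHS = {
    PLUGIN_DIR + "admin/css/filebird-upload.css",
    PLUGIN_DIR + "readme.txt",
    PLUGIN_DIR + "admin/js/filebird-util.js",
}

def parse_line(line):
    """Return (ip, path without query string, status) or None if unparseable."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return m.group("ip"), m.group("path").split("?", 1)[0], int(m.group("status"))

def find_filebird_probes(log_text, min_hits=2):
    """Map each client that requested at least `min_hits` distinct files under the
    FileBird directory to the sorted list of those paths."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed and parsed[1].startswith(PLUGIN_DIR):
            hits[parsed[0]].add(parsed[1])
    return {ip: sorted(paths) for ip, paths in hits.items() if len(paths) >= min_hits}

def matches_known_probe(paths):
    """True when a client's requests cover all three files seen in the reported probe."""
    return PROBE_PATHS.issubset(paths)

if __name__ == "__main__":
    for ip, paths in find_filebird_probes(SAMPLE_LOG).items():
        tag = "known probe signature" if matches_known_probe(paths) else "plugin enumeration"
        print(f"{ip}: {tag}, {len(paths)} FileBird files requested")
```

A 404 on these paths tells the prober the plugin is absent; a 200 on readme.txt confirms it is installed and exposes the version, so sites running FileBird Lite should treat such a sequence as reconnaissance and check that the plugin is updated or removed.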