12 Aug

Vulnerability Details: PHP Object Injection in Formidable Forms

This post provides the details of a vulnerability in the WordPress plugin Formidable Forms not discovered by us, where the discoverer hadn’t provided the details needed for us to confirm the vulnerability while we were adding it to the data set for our service, so its contents are limited to subscribers of our service. If you are not currently a subscriber, you can try out the service to help protect your website for free and then you can view the contents of the post. There are a lot of other reason that you will want to sign up beyond access to posts like this one, including that you would have already been warned about this vulnerability if your website was vulnerable due to it.

[Read more]

01 Dec

What Happened With WordPress Plugin Vulnerabilities in November 2017

If you want the best information and therefore best protection against vulnerabilities in WordPress plugins we provide you that through our service.

[Read more]

09 Nov

Properly Limiting Access to AJAX Accessible Functions Can Prevent Insecure Code from Being Exploited in WordPress Plugins

We recently introduced a tool for doing limited automated security checks of WordPress plugins. In putting that together we have tried to strike a balance between warning about enough possible issues to effectively identify real issues and trying to limit unnecessarily warning about things that are not real issues. That isn’t easy because most security vulnerabilities are not easy to spot, if they were, they likely would have been fixed by now and security wouldn’t be a big issue.

[Read more]

09 Nov

Vulnerability Details: Shortcode Execution Vulnerability in Formidable Forms

From time to time a vulnerability is fixed in a plugin without the discoverer putting out a report on the vulnerability and we will put out a post detailing the vulnerability so that we can provide our customers with more complete information on the vulnerability.

[Read more]