25 Oct

Full Disclosure of Authenticated PHP Object Injection Vulnerability in WordPress Plugin With 50,000+ Active Installs

One of the things we have found while looking at the results of our automated tool for identifying possible security issues in WordPress plugins, the Plugin Security Checker, is that minor possible vulnerabilities that it can identify can be good indications that there are broader issues with security in a plugin. That is the case with the plugin Give, which has 50,000+ active installations according to wordpress.org.

[Read more]