2 Aug 2019

Closures of Very Popular WordPress Plugins, Week of August 2

While we already are far ahead of other companies in keeping up with vulnerabilities in WordPress plugins (amazingly that isn’t an exaggeration), in looking into how we could get even better we noticed that in a recent instance where a vulnerability was exploited in a plugin, we probably could have warned our customers about the vulnerability even sooner if we had looked at the plugin when it was first closed on the Plugin Directory instead of when the vulnerability was fixed (though as far as we are aware the exploitation started after we had warned our customers of the fix). So we are now monitoring to see if any of the 1,000 most popular plugins are closed on the Plugin Directory and then seeing if it looks like that was due to a vulnerability.

This week three of those plugins were closed and one of them has not been reopened. [Read more]

2 Aug 2019

WordPress Plugin Directory Team Missed Settings Change Vulnerability in Maps Widget for Google Maps

Earlier this week one of the most popular WordPress plugins, Maps Widget for Google Maps, which has 100,000+ installs, was closed on the Plugin Directory and then reopened after the name was changed (it was previously Google Maps Widget) and security changes were made. One of the security changes doesn’t really make sense to us. In the file /gmw-tracking.php this line was changed:

if (isset($_GET['gmw_tracking']) && $_GET['gmw_tracking'] == 'opt_in') {

30 Nov 2018

Closures of Very Popular WordPress Plugins, Week of November 30

While we already are far ahead of other companies in keeping up with vulnerabilities in WordPress plugins (amazingly that isn’t an exaggeration), in looking into how we could get even better we noticed that in a recent instance where a vulnerability was exploited in a plugin, we probably could have warned our customers about the vulnerability even sooner if we had looked at the plugin when it was first closed on the Plugin Directory instead of when the vulnerability was fixed (though as far as we are aware the exploitation started after we had warned our customers of the fix). So we are now monitoring to see if any of the 1,000 most popular plugins are closed on the Plugin Directory and then seeing if it looks like that was due to a vulnerability.

This week three of those plugins were closed and then reopened. One of the three was closed due to a vulnerability and another was closed due to the security of the plugin, though there doesn’t appear to be any vulnerability related to that. That two thirds of those closures were for security issues is out of line with a broader claim made just today by a member of the team that handles the Plugin Directory, who claimed that “most of the time when a plugin is delisted, it is not for a security issue.” [Read more]

26 Nov 2018

Our Plugin Security Checker Now Identifies the Possibility of Vulnerabilities Like This One in a WordPress Plugin with 100,000+ Installs

We often find that the various things that we do lead to improvements in other things we do. That just came up in something we started looking into while working on a security review of a WordPress plugin chosen by our customers, which has led to an improvement in our automated tool for detecting possible security issues in WordPress plugins, the Plugin Security Checker. While looking at code in that plugin for one reason, we noticed that an open redirect vulnerability might be present in the code. Because of the specifics of the code, that seems unlikely to be exploited, and it doesn’t look like the code was actually being used (which has been a recurring thing we have noticed when looking at possibly vulnerable code recently). An open redirect vulnerability allows a request to one page to be redirected to an arbitrary URL, which is something spammers have been known to abuse. After seeing that code we got the idea of adding a check for similar code to our Plugin Security Checker.

In doing due diligence before adding that check we took a look over the 1,000 most popular plugins available in the Plugin Directory to see what the check might pick up. We found that over 10 plugins were flagged by it. In many cases it looks like those plugins should actually be using a different function that would avoid the issue. Let’s look at an example where we confirmed that there is in fact a vulnerability, though it is only exploitable against someone logged in to WordPress. That would limit its usefulness to spammers, but it could be used to disguise that a hacker is trying to get a logged in user to click a link that takes them to another website, which in turn causes that logged in user to exploit another vulnerability without intending to. [Read more]