Hackers May Already Be Targeting This Authenticated Persistent XSS Vulnerability in IMPress for IDX Broker
As part of the monitoring we do to make sure we are providing customers of our service with the best possible data on vulnerabilities in WordPress plugins they may be using, we watch for what look to be hackers probing for usage of plugins, so that we can quickly warn our customers of unfixed vulnerabilities that hackers are likely targeting. Today there was probing on our website for the plugin IMPress for IDX Broker, through requests for these files:
- /wp-content/plugins/idx-broker-platinum/readme.txt
- /wp-content/plugins/idx-broker-platinum/assets/js/idx-leads.js
- /wp-content/plugins/idx-broker-platinum/assets/css/idx-admin.css
When we started reviewing the plugin, we immediately found a vulnerability that matches the type we have seen in plugins being probed for in a similar way in the past: an authenticated persistent cross-site scripting (XSS) vulnerability.
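Site owners can look for the same kind of probing in their own access logs. The script below is an added example, not part of the original post or of our monitoring code: it assumes Apache/nginx Combined Log Format and uses the heuristic (an assumption) that a client fetching several files of one plugin with no Referer is fingerprinting the plugin rather than loading a page. The function name, threshold and sample log lines are constructed for illustration.

```python
import re
from collections import defaultdict

# Combined Log Format: ip - - [time] "METHOD path proto" status size "referer" "agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?:GET|HEAD) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)"'
)
PLUGIN_RE = re.compile(r'^/wp-content/plugins/(?P<slug>[^/]+)/(?P<file>[^?#]+)')

def find_plugin_probes(lines, min_files=2):
    """Return {(ip, slug): {"files": [...], "installed": bool}} for clients that
    fetched at least min_files files of one plugin directly (no Referer)."""
    seen = defaultdict(dict)  # (ip, slug) -> {file: status}
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m["referer"] not in ("", "-"):
            continue  # unparsable line, or an asset loaded by a page in a browser
        p = PLUGIN_RE.match(m["path"])
        if p:
            seen[(m["ip"], p["slug"])][p["file"]] = int(m["status"])
    probes = {}
    for key, files in seen.items():
        if len(files) >= min_files:
            probes[key] = {
                "files": sorted(files),
                # Any 200 means the plugin is present: the probe got a positive answer.
                "installed": any(status == 200 for status in files.values()),
            }
    return probes

# Constructed sample log lines (documentation IP ranges), not real traffic.
T = '[01/Jan/2024:00:00:00 +0000]'
P = '/wp-content/plugins/idx-broker-platinum/'
SAMPLE_LOG = [
    f'203.0.113.7 - - {T} "GET {P}readme.txt HTTP/1.1" 404 512 "-" "Mozilla/5.0"',
    f'203.0.113.7 - - {T} "GET {P}assets/js/idx-leads.js HTTP/1.1" 404 512 "-" "Mozilla/5.0"',
    f'203.0.113.7 - - {T} "GET {P}assets/css/idx-admin.css HTTP/1.1" 404 512 "-" "Mozilla/5.0"',
    f'198.51.100.20 - - {T} "GET {P}assets/css/idx-admin.css HTTP/1.1" 200 900 "https://example.com/wp-admin/" "Mozilla/5.0"',
    f'192.0.2.55 - - {T} "GET /wp-content/plugins/example-plugin/readme.txt HTTP/1.1" 404 512 "-" "curl/8.0"',
    f'192.0.2.55 - - {T} "GET / HTTP/1.1" 200 4096 "-" "curl/8.0"',
]

if __name__ == "__main__":
    for (ip, slug), info in find_plugin_probes(SAMPLE_LOG).items():
        print(ip, slug, "installed" if info["installed"] else "not installed", info["files"])
```

A hit where `installed` is true is the case to act on first, since the prober learned that the plugin is present on the site.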