13 Nov

Vulnerability Details: Authenticated Information Disclosure in Gallery Bank

This post provides the details of a vulnerability in the WordPress plugin Gallery Bank not discovered by us, where the discoverer hadn’t provided the details needed for us to confirm the vulnerability while we were adding it to the data set for our service, so its contents are limited to subscribers of our service.

If you were using our service you would have already been warned about this vulnerability if your website is vulnerable due to it. [Read more]

14 Oct

WordPress Plugin Copies Security Vulnerabilities From Another Plugin

When it comes to insecure code in WordPress plugins, beyond insecure code written by the developers, we often find that the developers have included code created by others without reviewing its security first (that even has been the case with popular security plugins). Recently multiple security issues were fixed in the plugin Sliced Invoices, while looking into that we found that plugin Tradies has copied a significant amount of code from that plugin and still contains those vulnerabilities, so significant that if you try to activate Tradies with Sliced Invoices already activated (or vice versa) it won’t work because a class name is reused. While that is permitted by the GPL, there isn’t a copyright statement indicating the source of the code (which isn’t the first time we have seen that done with copied code).

As an example of the insecure code copied, let’s take a look at the code to handle exporting the plugin’s quotes and invoices. [Read more]

14 Oct

Vulnerability Details: Information Disclosure in Sliced Invoices

This post provides the details of a vulnerability in the WordPress plugin Sliced Invoices not discovered by us, where the discoverer hadn’t provided the details needed for us to confirm the vulnerability while we were adding it to the data set for our service, so its contents are limited to subscribers of our service.

If you were using our service you would have already been warned about this vulnerability if your website is vulnerable due to it. [Read more]

11 Oct

Vulnerability Details: Information Disclosure in WP Telegram

This post provides the details of a vulnerability in the WordPress plugin WP Telegram not discovered by us, where the discoverer hadn’t provided the details needed for us to confirm the vulnerability while we were adding it to the data set for our service, so its contents are limited to subscribers of our service.

If you were using our service you would have already been warned about this vulnerability if your website is vulnerable due to it. [Read more]

03 Oct

Vulnerability Details: Information Disclosure in Easy Digital Downloads

This post provides the details of a vulnerability in the WordPress plugin Easy Digital Downloads not discovered by us, where the discoverer hadn’t provided the details needed for us to confirm the vulnerability while we were adding it to the data set for our service, so its contents are limited to subscribers of our service.

If you were using our service you would have already been warned about this vulnerability if your website is vulnerable due to it. [Read more]

20 Sep

Vulnerability Details: Information Disclosure in Export Users to CSV

This post provides the details of a vulnerability in the WordPress plugin Export Users to CSV not discovered by us, where the discoverer hadn’t provided the details needed for us to confirm the vulnerability while we were adding it to the data set for our service, so its contents are limited to subscribers of our service.

If you were using our service you would have already been warned about this vulnerability if your website is vulnerable due to it. [Read more]

12 Aug

Vulnerability Details: Information Disclosure in Ninja Forms

This post provides the details of a vulnerability in the WordPress plugin Ninja Forms not discovered by us, where the discoverer hadn’t provided the details needed for us to confirm the vulnerability while we were adding it to the data set for our service, so its contents are limited to subscribers of our service.

If you were using our service you would have already been warned about this vulnerability if your website is vulnerable due to it. [Read more]

01 Aug

Vulnerability Details: Information Disclosure in WP Shopify

This post provides the details of a vulnerability in the WordPress plugin not discovered by us, where the discoverer hadn’t provided the details needed for us to confirm the vulnerability while we were adding it to the data set for our service, so its contents are limited to subscribers of our service.

If you were using our service you would have already been warned about this vulnerability if your website is vulnerable due to it. [Read more]

26 Jun

Vulnerability Details: Privilege Escalation in WebP Converter for Media

This post provides the details of a vulnerability in the WordPress plugin WebP Converter for Media not discovered by us, where the discoverer hadn’t provided the details needed for us to confirm the vulnerability while we were adding it to the data set for our service, so its contents are limited to subscribers of our service.

If you were using our service you would have already been warned about this vulnerability if your website is vulnerable due to it. [Read more]

16 May

GDPR Functionality in WordPress Plugin WP Live Chat Support Allows Anyone to Download Contents of Chats Handled Through It

Yesterday Sucuri disclosed a settings change vulnerability that leads to a persistent cross-site scripting (XSS) in the plugin WP Live Chat Support, which was also fixed yesterday. That vulnerability is likely to be exploited soon. As we started looking over things while adding the vulnerabilities to our data set yesterday, so we could warn the customers of our service if they are using an impacted versions, we found that there are multiple additional security issues caused in part the same security issue that was partially fixed (yes, even the vulnerability fixed, was only actually partially fixed). There is, for example, another setting change vulnerability, though one that doesn’t look to lead to a more serious vulnerability. What stood out more for the seriousness, but also what type of functionality the vulnerability is in, is an information disclosure vulnerability that exposes chat logs and meta data related to those chats to anyone, which occurs through General Data Protection Regulation (GDPR) functionality. So functionality related to data protection does the opposite.

The GDPR functionality already was implicated in two vulnerabilities, based on the changelog entries for previous versions of the plugin: [Read more]