19 Feb 2019

Vulnerability Details: Cross-Site Request Forgery (CSRF) in Instagram Gallery

A month ago we noted that, through monitoring we do, we had noticed that one of the 1,000 most popular WordPress plugins, Instagram Gallery, had been closed. At the time we noted that a reason for the closure hadn’t been given and we didn’t find any obvious security issues. Once plugins like that one are closed we track whether the plugin has been updated so that we can see if any security changes have subsequently been made. That occurred today, though it isn’t clear if the security issue being fixed was related to the closure, and the plugin remains closed at the moment.


[Read more]

18 Jan 2019

Closures of Very Popular WordPress Plugins, Week of January 18

While we already are far ahead of other companies in keeping up with vulnerabilities in WordPress plugins (amazingly that isn’t an exaggeration), in looking into how we could get even better we noticed that in a recent instance where a vulnerability was exploited in a plugin, we probably could have warned our customers about the vulnerability even sooner if we had looked at the plugin when it was first closed on the Plugin Directory instead of when the vulnerability was fixed (though as far as we are aware the exploitation started after we had warned our customers of the fix). So we are now monitoring to see if any of the 1,000 most popular plugins are closed on the Plugin Directory and then seeing if it looks like that was due to a vulnerability.

This week three of these plugins were closed and none of them have been reopened. [Read more]