03 Jun

Post Deletion Vulnerability in BePro Listings

As mentioned in more detail in the post on the other vulnerability we found in the plugin BePro Listings, we recently had a request for a file from the plugin, which indicated that someone might be trying to exploit something in this plugin. While that arbitrary file upload vulnerability is probably what hackers are [Read more]

13 May

Security Tip for Developers: The is_admin() Function Doesn’t Tell You If Someone is an Administrator

One recurring cause of security issues in WordPress plugins is the misuse of the function is_admin(). Based on its name you might reasonably assume that it checks if someone is an Administrator-level user in WordPress, and that seems to have tripped up lots of plugin developers. In reality it just “checks if the Dashboard or the [Read more]