01 Sep

What Happened With WordPress Plugin Vulnerabilities in August 2017

If you want the best information and therefore best protection against vulnerabilities in WordPress plugins we provide you that through our service. Here is what we did to keep those are already using our service secure from WordPress plugin vulnerabilities during August (and what you have been missing out on if you haven’t signed up yet): Plugin [Read more]

28 Aug

Cross-Site Request Forgery (CSRF)/PHP Object Injection Vulnerability in Jayj Quicktag

We recently found that the plugin Jayj Quicktag contained a cross-site request forgery (CSRF)/PHP object injection vulnerability. The plugin’s settings page is generated with the function jayj_quicktag_options_page() in the file /jayj-quicktag.php. In that file if the POST input “jayj-quicktag-import-save” exists then the maybe_unserialize() function will be run on the POST input “jayj-quicktag-import”, which permits PHP object injection [Read more]