11 Jan 2019

Closures of Very Popular WordPress Plugins, Week of January 11

While we are already far ahead of other companies in keeping up with vulnerabilities in WordPress plugins (amazingly, that isn't an exaggeration), in looking into how we could get even better we noticed that in a recent instance where a vulnerability in a plugin was exploited, we probably could have warned our customers about the vulnerability even sooner if we had looked at the plugin when it was first closed on the Plugin Directory instead of when the vulnerability was fixed (though as far as we are aware the exploitation started after we had warned our customers of the fix). So we are now monitoring whether any of the 1,000 most popular plugins are closed on the Plugin Directory and then checking if it looks like the closure was due to a vulnerability.

This week four of these plugins were closed and two have been reopened. [Read more]

7 Jan 2019

Our Plugin Security Checker Could Have Warned You About the Possibility of Vulnerabilities in a Couple of WordPress Plugins with 80,000 Installs

On Friday we noted in our post detailing a reflected cross-site scripting (XSS) vulnerability in the WordPress plugin Ninja Forms, which has 1+ million active installations according to wordpress.org, that our Plugin Security Checker, a tool that allows anyone to see if there are possible security issues in a WordPress plugin that could use further investigation, had been updated to better catch issues of that type, based on variations in that plugin's code from how things are normally done.

We were also interested in seeing if there were other popular plugins with similarly vulnerable code that had yet to be caught by anyone because of those variations, so we ran the updated check from the Plugin Security Checker over the 1,000 most popular plugins in the WordPress Plugin Directory. What we found was that a number of those plugins look like they might be vulnerable, though most of them didn't contain the variations, so our Plugin Security Checker would already have spotted them. [Read more]

4 Jun 2018

Trying To Determine If WordPress Plugins Are Being Exploited Is Harder When Hackers Do Odd Things

One of the things we do to make sure our customers are getting the best protection against vulnerabilities in WordPress plugins is to monitor for signs that hackers are looking to exploit vulnerabilities in those plugins. In doing that we have found that other security companies that make extraordinary claims about the protection they provide don't do that, even one that claims to have "unmatched access to information about how hackers compromise sites", despite their ability to provide protection being limited without knowing which vulnerabilities are being exploited. Something else we have found is that hackers do some odd things, including trying on a large scale to exploit vulnerabilities that have never existed. When security companies are not putting in the work, that particular situation can lead to situations like the one in which Wordfence was leading people to believe that a popular plugin had a vulnerability it had never had.

One of the areas of odd activity we have been seeing a fair amount of recently is what looks to be hackers trying to access malicious files that other hackers may have placed in modified copies of legitimate plugins. This doesn't make a whole lot of sense, since the success rate of that type of attack would be incredibly small. Looking into one recent example of that led to our finding what looks to be attempts to exploit an unfixed vulnerability that we recently disclosed. [Read more]

16 May 2018

Our Proactive Monitoring Caught a Newly Introduced Arbitrary File Upload Vulnerability in a Plugin with 50,000+ Active Installations

One of the ways we help to improve the security of WordPress plugins, not just for our customers but for everyone using them, is proactive monitoring of changes made to plugins in the Plugin Directory to try to catch serious vulnerabilities. That has again led to our catching a vulnerability in a fairly popular plugin, of a type that hackers are likely to exploit if they know about it. Since the check used to spot this is also included in our Plugin Security Checker (which is now accessible through a WordPress plugin of its own), it is another reminder of how that tool can help to indicate which plugins are in greater need of a security review (which we do as part of our service and also separately).

In the plugin KingComposer, which has 50,000+ active installations according to wordpress.org, version 2.7 introduced functionality for uploading extensions. That functionality is accessible to anyone, even those without access to the admin page it is intended to be initiated from. That currently allows uploading arbitrary files, including malicious files, if the Extensions admin page of the plugin has ever been visited prior to the attempted exploitation. [Read more]
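The general shape of the problem described above is an upload handler reachable through admin-ajax.php whose only gate is a piece of shared state rather than a check on who is making the request. The following is an added illustration written for this page, not KingComposer's code and not the Plugin Security Checker's check; the plugin name, the `myplugin_*` function and option names and the "extensions are zip archives" assumption are all invented for the example. The first handler shows the vulnerable pattern beside the hardened form that a practitioner would expect: no `nopriv` hook, a capability check, a nonce, and a server-side type restriction through `wp_handle_upload()`.

```php
<?php
/*
 * Illustrative example for this page only. NOT KingComposer's code; all
 * myplugin_* names and the 'myplugin_ext_dir_ready' option are assumed.
 * Both handlers are registered on the same WordPress AJAX endpoint:
 *   POST /wp-admin/admin-ajax.php  with  action=myplugin_upload_ext
 */

/* ---------- Vulnerable pattern ---------------------------------------- */

// Assumed: the admin page that hosts the upload form records that it has
// been shown. This is state shared by every later request, so it says
// nothing about who is sending the upload.
function myplugin_render_extensions_page() {
    update_option( 'myplugin_ext_dir_ready', 1 );
    echo '<h1>Extensions</h1>';
}

// wp_ajax_nopriv_ exposes the action to visitors who are not logged in.
add_action( 'wp_ajax_myplugin_upload_ext',        'myplugin_upload_ext_vulnerable' );
add_action( 'wp_ajax_nopriv_myplugin_upload_ext', 'myplugin_upload_ext_vulnerable' );

function myplugin_upload_ext_vulnerable() {
    // Looks like a gate, but it only tests that the admin page was visited
    // at some point by someone, exactly the precondition a visitor can wait for.
    if ( ! get_option( 'myplugin_ext_dir_ready' ) ) {
        wp_send_json_error( 'Not initialised', 400 );
    }
    $dir = wp_upload_dir()['basedir'] . '/myplugin-extensions/';
    wp_mkdir_p( $dir );
    // basename() blocks traversal out of $dir, but nothing blocks a .php file,
    // and uploads/ is served by the web server, so that file will execute.
    $name = basename( $_FILES['extension']['name'] );
    move_uploaded_file( $_FILES['extension']['tmp_name'], $dir . $name );
    wp_send_json_success( array( 'file' => $name ) );
}

/* ---------- Hardened form --------------------------------------------- */

// Only the logged-in hook. admin-ajax.php answers "0" to anonymous callers.
add_action( 'wp_ajax_myplugin_upload_ext_safe', 'myplugin_upload_ext_hardened' );

function myplugin_upload_ext_hardened() {
    // 1. Authorisation: tie the action to a capability, not to page state.
    if ( ! current_user_can( 'install_plugins' ) ) {
        wp_send_json_error( 'Insufficient permissions', 403 );
    }
    // 2. CSRF: the admin page must emit wp_nonce_field( 'myplugin_upload_ext' )
    //    (or pass wp_create_nonce() to its JavaScript) for this to succeed.
    check_ajax_referer( 'myplugin_upload_ext', '_wpnonce' );

    if ( empty( $_FILES['extension'] ) || UPLOAD_ERR_OK !== $_FILES['extension']['error'] ) {
        wp_send_json_error( 'No file uploaded', 400 );
    }

    // 3. Type restriction enforced server-side. 'mimes' limits the accepted
    //    set to the one type an extension is expected to be (assumed: zip),
    //    and test_type makes WordPress verify the real content type rather
    //    than trusting the client-supplied filename. admin-ajax.php loads
    //    wp-admin/includes/file.php, which defines wp_handle_upload().
    $overrides = array(
        'test_form' => false,
        'test_type' => true,
        'mimes'     => array( 'zip' => 'application/zip' ),
    );
    $result = wp_handle_upload( $_FILES['extension'], $overrides );
    if ( isset( $result['error'] ) ) {
        wp_send_json_error( $result['error'], 400 );
    }

    // 4. Unpack through the WP_Filesystem API so archive entries cannot
    //    write outside the target directory.
    $target = wp_upload_dir()['basedir'] . '/myplugin-extensions/';
    WP_Filesystem();
    wp_mkdir_p( $target );
    $unzipped = unzip_file( $result['file'], $target );
    @unlink( $result['file'] );
    if ( is_wp_error( $unzipped ) ) {
        wp_send_json_error( $unzipped->get_error_message(), 400 );
    }
    wp_send_json_success( array( 'installed_to' => $target ) );
}
```

When reviewing a plugin for this class of issue, the things to look for are the ones the contrast above makes visible: an `add_action( 'wp_ajax_nopriv_...' )` registration for anything that writes to disk, a handler whose first lines are not `current_user_can()` and `check_ajax_referer()` (or `check_admin_referer()`), and a file write that bypasses `wp_handle_upload()` or calls it without a `mimes` restriction.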