2 Nov 2018

Vulnerability Details: Reflected XSS, CSRF/XSS, and Persistent XSS Vulnerabilities in Calendar Event Multi View

From time to time, a plugin is closed on the Plugin Directory for an unexplained security issue without the discoverer putting out a report on the vulnerability. When that happens, we put out a post detailing the possible vulnerability that led to the closure, so that we can provide our customers with more complete information on the security of the plugins they use.



22 Oct 2018

Security Issues Related to jQuery File Upload Not Unknown To InfoSec Community As Security Journalists Claim

We generally avoid following news coverage of web security, since it is of such poor quality, and when we do have to look at examples of it, due to a news alert we have to keep track of vulnerabilities in WordPress, that view is reinforced. Take this post on ZDNet’s Zero Day blog, “Zero-day in popular jQuery plugin actively exploited for at least three years”, by Catalin Cimpanu, which makes this claim:

It is pretty clear from the videos that the vulnerability was widely known to hackers, even if it remained a mystery for the infosec community.