21 Dec

Our Plugin Security Checker Led to Finding a File Writing Vulnerability in a WordPress Plugin with 50,000+ Installs

Yesterday we detailed an arbitrary file upload vulnerability we had noticed had previously been in the plugin LearnPress through a check being run over changes being made to WordPress plugins as part of our proactive monitoring of changes made to plugins in the Plugin Directory to try to catch serious vulnerabilities to see if that check might be something that we could add to our Plugin Security Checker, which is a tool that allows anyone to see if there are possible security issues in plugins that could use further investigation. After finding that it identified that issue in LearnPress we added the check to the Plugin Security Checker and then ran the plugin through to make sure the check was properly implemented. When we did that we found that the tool was flagging a number of other possible issues. We happened to take a look at one of the issues and find that the plugin allows writing arbitrary content to a file, which could be, say, combined with a local file inclusion (LFI) vulnerability to cause malicious code to run.

[Read more]

20 Dec

Vulnerability Details: Arbitrary File Upload In LearnPress

This Vulnerability Details post about a vulnerability in the plugin LearnPress provides the details of a vulnerability we ran across while collecting data on vulnerabliities discovered by others for our data set on vulnerabilities in WordPress plugins, so its contents are limited to customers of our service. If you are not currently a customer, you can sign up for free here. There are a lot of other reason that you will want to sign up beyond access to posts like this one, including that you would have already been warned about this vulnerability if your website was vulnerable due to it.

[Read more]