26 Jun 2019

What Would Hackers Be Interested in the WordPress Plugin Limb Gallery For?

It looks like a hacker has recently been probing for the WordPress plugin Limb Gallery by requesting the file /wp-content/plugins/limb-gallery/js/angular-touch.min.js. In reviewing the plugin we so far haven’t found an obvious vulnerability that hackers might be interested in exploiting. That may be due to a lot of the code being bunched together instead of being clearly separated out. Our Plugin Security Checker did identify the possibility of a less serious vulnerability, which we confirmed, so we can warn any customers of our service who are using the plugin about that vulnerability and let them know there may be a more serious issue.
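To check whether your own site has seen the same probe, the following added example (not code from the original post or from the plugin) scans web server access logs for requests to that file. It assumes the Combined Log Format; the function name and the sample log lines are constructed for illustration, and /wp-admin/admin-ajax.php is the standard WordPress AJAX endpoint.

```python
import re
from collections import defaultdict

# Path the post reports being requested by the prober.
PROBE_PATH = "/wp-content/plugins/limb-gallery/js/angular-touch.min.js"
# Standard WordPress AJAX endpoint, through which plugin AJAX handlers are reached.
AJAX_PATH = "/wp-admin/admin-ajax.php"

# Combined Log Format: ip ident user [time] "METHOD path proto" status size ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

def find_probes(lines):
    """Summarise, per client IP, requests for the probed plugin file."""
    report = defaultdict(
        lambda: {"probes": 0, "plugin_present": False, "ajax_after": 0})
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ip = m["ip"]
        path = m["path"].split("?", 1)[0]  # ignore any query string
        if path == PROBE_PATH:
            report[ip]["probes"] += 1
            # 200/304 means the file exists, so the client learned
            # that the plugin is installed on this site.
            if m["status"] in ("200", "304"):
                report[ip]["plugin_present"] = True
        elif path == AJAX_PATH and ip in report:
            # AJAX requests from a client that probed earlier deserve review.
            report[ip]["ajax_after"] += 1
    return dict(report)

# Constructed sample lines (documentation-range IPs), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [26/Jun/2019:10:00:01 +0000] "GET /wp-content/plugins/limb-gallery/js/angular-touch.min.js HTTP/1.1" 404 512 "-" "-"',
    '198.51.100.9 - - [26/Jun/2019:10:02:11 +0000] "GET /wp-content/plugins/limb-gallery/js/angular-touch.min.js?ver=1 HTTP/1.1" 200 3120 "-" "-"',
    '198.51.100.9 - - [26/Jun/2019:10:02:15 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 45 "-" "-"',
    '192.0.2.44 - - [26/Jun/2019:10:03:00 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 45 "-" "-"',
]

if __name__ == "__main__":
    for ip, info in find_probes(SAMPLE_LOG).items():
        print(ip, info)
```

A client with plugin_present set and a non-zero ajax_after count is the one to look at first, since it confirmed the plugin exists and then sent AJAX requests.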

The plugin runs all of its AJAX functionality through one function, grsGalleryAjax(), instead of separating it out, and makes the function available to those logged in as well as those not logged in: