16 Feb 2024

How Our Customers Helped Make WordPress Plugins More Secure, Week of February 16

Our customers make it possible for us to help make WordPress plugins more secure, mostly the plugins they use, but to a lesser extent other plugins as well. That work often goes unmentioned, so we are highlighting it here to give a better picture of what is going on and of how signing up for our service can help to expand that work.

Cross-Site Request Forgery (CSRF) Vulnerability Fixed in Formidable Forms

In January, we found that the developers of the 300,000+ install Formidable Forms had incompletely addressed a cross-site request forgery (CSRF) issue in the plugin. We found that because at least one of our customers was using the plugin and a new version had been released that suggested there might be a fix for that type of issue. Earlier this week, the developer released an update that fixed the remaining issue. [Read more]

15 Feb 2024

Information Disclosure Vulnerability in Manage Notification E-mails

One of the changelog entries for the latest version of the WordPress plugin Manage Notification E-mails is “FIXED: Medium vulnerability in settings module. Thanks to Wordfence for reporting this.” Looking at the changes made in that version, we found that the new version restricts access to exporting the plugin’s settings to users with the manage_options capability, which by default means Administrators. Previously even those not logged in to WordPress could export the settings, as the proof of concept below confirms.
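The two items above (the incomplete CSRF fix in Formidable Forms and the unauthenticated settings export in Manage Notification E-mails) are instances of the same pair of missing checks in a WordPress request handler: a capability check, which decides who is allowed to perform the action, and a nonce check, which stops a logged-in user from being tricked into performing it from another site. The following is an added illustration written for this page, not code from either plugin; the hook names, the `example_export_settings` action, the `example_plugin_settings` option and the function names are all hypothetical. The first handler shows the shape of the flaw (reachable while logged out, no capability or nonce check); the second shows the hardened form.

```php
<?php
// Hypothetical illustration, not code from Manage Notification E-mails or Formidable Forms.

// Pattern A (vulnerable): the export endpoint is registered on the nopriv hook, so it
// is reachable without logging in, and the handler performs no capability or nonce check.
add_action( 'admin_post_nopriv_example_export_settings', 'example_export_settings_unsafe' );
add_action( 'admin_post_example_export_settings', 'example_export_settings_unsafe' );

function example_export_settings_unsafe() {
    // Anyone who requests /wp-admin/admin-post.php?action=example_export_settings
    // receives the settings: there is no current_user_can() and no check_admin_referer().
    $settings = get_option( 'example_plugin_settings', array() ); // hypothetical option name
    nocache_headers();
    header( 'Content-Type: application/json; charset=utf-8' );
    header( 'Content-Disposition: attachment; filename="example-settings.json"' );
    echo wp_json_encode( $settings );
    exit;
}

// Pattern B (hardened): only the logged-in hook is registered, the handler requires the
// manage_options capability (Administrators by default), and a nonce ties the request to
// a deliberate action on the plugin's own settings page so it cannot be forged cross-site.
add_action( 'admin_post_example_export_settings_v2', 'example_export_settings_safe' );

function example_export_settings_safe() {
    // Authorization: who may export. A nonce alone would not provide this.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die(
            esc_html__( 'You are not allowed to export these settings.', 'example' ),
            '',
            array( 'response' => 403 )
        );
    }

    // CSRF protection: dies with a 403 if the nonce is missing, stale or issued for a
    // different user. A capability check alone would not provide this.
    check_admin_referer( 'example_export_settings_v2', 'example_nonce' );

    $settings = get_option( 'example_plugin_settings', array() ); // hypothetical option name
    nocache_headers();
    header( 'Content-Type: application/json; charset=utf-8' );
    header( 'Content-Disposition: attachment; filename="example-settings.json"' );
    echo wp_json_encode( $settings );
    exit;
}

// On the plugin's admin page, the export link is built with wp_nonce_url() so that it
// carries the token the hardened handler verifies.
function example_export_link_html() {
    $url = wp_nonce_url(
        admin_url( 'admin-post.php?action=example_export_settings_v2' ),
        'example_export_settings_v2',
        'example_nonce'
    );
    return '<a href="' . esc_url( $url ) . '">' . esc_html__( 'Export settings', 'example' ) . '</a>';
}
```

When checking a fix like the one in this changelog, confirm both halves independently: request the endpoint while logged out and as a low-privileged user (a Subscriber) and expect a 403 or login redirect, then request it as an Administrator without the nonce parameter and expect it to be refused as well. A fix that adds only one of the two checks, or that keeps a nopriv hook registered, leaves the other hole open, which is how a CSRF fix can end up incomplete.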


[Read more]