Login

Tag Archives: Meta Box

11 Aug 2023

WordPress Plugin Security Review: Meta Box

For our 42nd security review of a WordPress plugin based on the voting of our customers, we reviewed the plugin Meta Box.

If you are not yet a customer of the service, once you sign up for the service as a paying customer, you can start suggesting and voting on plugins to get security reviews. For those already using the service that haven’t already suggested and voted for plugins to receive a review, you can start doing that here. You can use our tool for doing limited automated security checks of plugins to see if plugins you are using have possible issues that would make them good candidates to get a review. You can also order a review of a plugin separately from our service. [Read more]

1 Feb 2019

Closures of Very Popular WordPress Plugins, Week of February 1

While we already are far ahead of other companies in keeping up with vulnerabilities in WordPress plugins (amazingly that isn’t an exaggeration), in looking in to how we could get even better we noticed that in a recent instance were a vulnerability was exploited in a plugin, we probably could have warned our customers about the vulnerability even sooner if we had looked at the plugin when it was first closed on the Plugin Directory instead of when the vulnerability was fixed (though as far as we are aware the exploitation started after we had warned our customers of the fix). So we are now monitoring to see if any of the 1,000 most popular plugins are closed on the Plugin Directory and then seeing if it looks like that was due to a vulnerability.

This week six of these plugins were closed and two of them has been reopened. [Read more]

1 Feb 2019

Full Disclosure of Authenticated Arbitrary File Deletion Vulnerability in WordPress Plugin with 300,000+ Installs

Yesterday we full disclosed an authenticated arbitrary file upload vulnerability in the WordPress plugin Meta Box, which has 300,000+, that we had spotted as it was introduced in to the plugin. Subsequent to that the plugin was closed on the Plugin Directory and that got flagged as part of our monitoring for the closure of any of the 1,000 most popular WordPress plugins (it has been a busy week for that, as six of them have been removed). When those plugins get closed we do a few quick security checks over the plugins to see if there might be any obvious security issue in the plugins, which we should be warning our customers about, even if that didn’t lead to the closure. In this case we knew why the plugin was closed, but we did those checks anyway, which led to us finding the plugin also contains an authenticated arbitrary file deletion vulnerability. That vulnerability looks like it was connected to the change that also introduced the authenticated arbitrary file upload vulnerability.

Due to the moderators of the WordPress Support Forum’s continued inappropriate behavior we are full disclosing vulnerabilities in protest until WordPress gets that situation cleaned up, so we are releasing this post and then only trying to notify the developer through the WordPress Support Forum. You can notify the developer of this issue on the forum as well. Hopefully the moderators will finally see the light and clean up their act soon, so these full disclosures will no longer be needed (we hope they end soon). You would think they would have already done that since a previously full disclosed vulnerability was quickly on hackers’ radar, but it appears those moderators have such disdain for the rest of the WordPress community that their continued ability to act inappropriate is more important that what is best for the rest of the community. [Read more]

31 Jan 2019

Our Proactive Monitoring Caught an Authenticated Arbitrary File Upload Vulnerability Being Introduced in to a WordPress Plugin with 300,000+ Installs

With our proactive monitoring of changes made to WordPress plugins in the Plugin Directory to try to catch serious vulnerabilities we use software to flag potentially issues (you can check plugins in the same way using our Plugin Security Checker) and then we manually to check over the code. The second part of that can take a substantial amount of time, as while sometimes the code that runs before the potentially vulnerable code is limited and tightly woven, often it isn’t. That was the case with the code that leads to an authenticated arbitrary file upload vulnerability we found had being introduced in the plugin Meta Box, which has 300,000+ installs according to wordpress.org.

Due to the moderators of the WordPress Support Forum’s continued inappropriate behavior we are full disclosing vulnerabilities in protest until WordPress gets that situation cleaned up, so we are releasing this post and then only trying to notify the developer through the WordPress Support Forum. You can notify the developer of this issue on the forum as well. Hopefully the moderators will finally see the light and clean up their act soon, so these full disclosures will no longer be needed (we hope they end soon). You would think they would have already done that since a previously full disclosed vulnerability was quickly on hackers’ radar, but it appears those moderators have such disdain for the rest of the WordPress community that their continued ability to act inappropriate is more important that what is best for the rest of the community. [Read more]