04 Oct

Old Vulnerability Report: Arbitrary File Upload Vulnerability in 360 Product Rotation

One of the things that we do to provide our customers with the best data on WordPress plugin vulnerabilities is to monitor third party data on hacking attempts. That sometimes leads us to finding what looks to be exploitation of vulnerabilities that a hacker has just discovered in the current version of a plugin. In other cases it shows old vulnerabilities that hackers are still trying to exploit. We recently spotted an attempt to exploit an arbitrary file upload vulnerability in older versions of the plugin 360 Product Rotation. We couldn’t find a page that describes the issue to link to for our data on the vulnerability, so here are the details.

[Read more]

11 Jul

Old Vulnerability Report: Arbitrary File Upload Vulnerability in PitchPrint

One of the things that we recently started doing to better keep track of the plugin vulnerabilities out there is to monitor third party data on hacking attempts. That sometimes leads us to finding what looks to be exploitation of vulnerabilities that a hacker has just discovered in the current version of a plugin. In other cases it shows old vulnerabilities that hackers are still trying to exploit. We have recently spotted an attempt to exploit an arbitrary file upload vulnerability in older versions of the plugin PitchPrint. We couldn’t find a page that clearly described the issue to link to for our data on the vulnerability, so here are the details.

[Read more]

22 Jun

Old Vulnerability Report: Arbitrary File Viewing Vulnerability in Cherry Plugin

One of the things that we do to keep track of the plugin vulnerabilities out there is to monitor hacking attempts on our websites. That sometimes leads us to finding what looks to be exploitation of vulnerabilities that a hacker has just discovered. In other cases it shows really old vulnerabilities that hackers are still trying to exploit. We have recently had some attempts to exploit a couple of vulnerabilities in older versions of the plugin Cherry Plugin. One was an arbitrary file upload vulnerability mentioned here and the other was an arbitrary file viewing vulnerability that we couldn’t find any prior mention of.

[Read more]

08 Jun

Old Vulnerability Report: Arbitrary File Upload in Royal Gallery

Yesterday we released posts for vulnerabilities in 16 plugins, which all shared the same code that allowed anyone access to functions only intended to be accessible to Administrator-level users. For two of those plugins, though, the most serious vulnerability permitted by this did not exist. That vulnerability was the ability to upload arbitrary files, which could allow a hacker to upload a .php file and then use that to perform any action they want on the website.

[Read more]

31 May

Old Vulnerability Report: Arbitrary File Upload in Magic Fields

One of the things that we do to keep track of the plugin vulnerabilities out there is to monitor hacking attempts on our websites. That sometimes leads us to finding what looks to be exploitation of vulnerabilities that a hacker has just discovered. In other cases it shows really old vulnerabilities that hackers are still trying to exploit. We have recently had some requests for a file from the plugin Magic Fields:

[Read more]