02 Aug

Vulnerability Details: Option Update in Plugins By Nicdark

This post provides the details of a vulnerability in the WordPress plugin ND Booking that was not discovered by us. The discoverer hadn’t provided the details needed for us to confirm the vulnerability while we were adding it to the data set for our service, so the contents of this post are limited to subscribers of our service.

If you were using our service, you would already have been warned about this vulnerability if your website is vulnerable because of it.

25 Jul

Vulnerability Details: Option Update in ND Shortcodes (ND Shortcodes For Visual Composer)

This post provides the details of a vulnerability in the WordPress plugin ND Shortcodes that was not discovered by us. The discoverer hadn’t provided the details needed for us to confirm the vulnerability while we were adding it to the data set for our service, so the contents of this post are limited to subscribers of our service.

If you were using our service, you would already have been warned about this vulnerability if your website is vulnerable because of it.

18 Mar

Vulnerability Details: Option Update Vulnerability in Easy WP SMTP

This post provides the details of a vulnerability in the WordPress plugin Easy WP SMTP that was not discovered by us. The discoverer hadn’t provided the details needed for us to confirm the vulnerability while we were adding it to the data set for our service, so the contents of this post are limited to subscribers of our service.

If you were using our service, you would already have been warned about this vulnerability if your website is vulnerable because of it.

11 Mar

Full Disclosure of Option Update Vulnerability in Woocommerce User Email Verification

On Friday we detailed a privilege escalation vulnerability in the plugin Woocommerce User Email Verification. While that is a very bad security vulnerability in terms of what could be done with it, it could at least be seen as a mistake rather than a failure to handle security in a fundamental way. The same can’t be said about an option update vulnerability that our proactive monitoring of changes made to plugins in the Plugin Directory, which is intended to catch serious vulnerabilities, spotted in the plugin at the same time.

The plugin registers the function save_tab_settings() to run during init, that is, while WordPress is loading.

08 Nov

Vulnerability Details: Option Update Vulnerability in WP GDPR Compliance

This post provides the details of a vulnerability in the WordPress plugin WP GDPR Compliance that was not discovered by us. The discoverer hadn’t provided the details needed for us to confirm the vulnerability while we were adding it to the data set for our service, so the contents of this post are limited to subscribers of our service.

If you were using our service, you would already have been warned about this vulnerability if your website is vulnerable because of it.

18 Jul

Option Update Vulnerability in Form Lightbox

Recently, what has probably been the most important way we have been finding new vulnerabilities in WordPress plugins, so that we can notify our customers and they can take appropriate measures to protect themselves, has been monitoring our websites for what looks to be probing for the usage of plugins. That usually indicates that a hacker is looking to exploit a vulnerability. Yesterday we had requests across our websites for the file /wp-content/plugins/form-lightbox/colorbox/style-1/colorbox.css, which is part of the plugin Form Lightbox; according to wordpress.org it has 10,000+ active installs.

A quick look through the plugin’s files for what would be of interest to hackers brought us to the file /ajax.php. That file starts up WordPress and then allows the requester to update and delete WordPress options.