1 Oct 2019

Vulnerability Details: Persistent Cross-Site Scripting (XSS) in Download Plugins and Themes from Dashboard

The changelog for the latest version of Download Plugins and Themes from Dashboard is “Fix – Settings – Security – Checking for user capability and nonce. Sanitizing and escaping data.” When we looked into that, we found that the issue was larger than the changelog suggests: previously you didn’t even need to be logged in to change the plugin’s settings, and through one of those settings persistent cross-site scripting (XSS) was possible.


[Read more]

30 Sep 2019

Vulnerability Details: Persistent Cross-Site Scripting (XSS) in Easy Pixels by JEVNET

The changelog for the latest version of Easy Pixels by JEVNET is “Security issues”. Looking at the changes made in that version, we saw what looked to be sanitization added to code that handles saving changes to the settings, which could point to a vulnerability depending on how the changing of settings is secured. What we found is that in some cases there was, and still isn’t, any security check when doing that, and that the sanitization is still lacking, so there is still a persistent cross-site scripting (XSS) vulnerability in the plugin. We have notified the developer of that.


[Read more]

21 Sep 2019

Hackers May Already be Targeting this Persistent XSS Vulnerability in WPeMatico RSS Feed Fetcher

As part of the monitoring we do to make sure we are providing customers of our service with the best possible data on vulnerabilities in WordPress plugins they may be using, we monitor for what look to be hackers probing for usage of plugins, so that we can quickly warn our customers of unfixed vulnerabilities that hackers are likely targeting. There seems to be an ongoing hacker campaign exploiting previously undisclosed vulnerabilities, as in the past couple of weeks there have been eight plugins that we have seen hackers newly probing for, and number nine is WPeMatico RSS Feed Fetcher (WPeMatico), for which there was probing on our website today by requesting these files:

  • /wp-content/plugins/wpematico/readme.md
  • /wp-content/plugins/wpematico/readme.txt
  • /wp-content/plugins/wpematico/app/js/campaign_wizard.js

In looking at the plugin we found that, like a number of the other plugins, it contains a persistent cross-site scripting (XSS) vulnerability. [Read more]

21 Sep 2019

Hackers May Already be Targeting this Persistent XSS Vulnerability in DELUCKS SEO

As part of the monitoring we do to make sure we are providing customers of our service with the best possible data on vulnerabilities in WordPress plugins they may be using, we monitor for what look to be hackers probing for usage of plugins, so that we can quickly warn our customers of unfixed vulnerabilities that hackers are likely targeting. There seems to be an ongoing hacker campaign exploiting previously undisclosed vulnerabilities, as in the past couple of weeks there have been seven plugins that we have seen hackers newly probing for, and today we saw number eight, DELUCKS SEO, for which there was probing on our website today by requesting these files:

  • /wp-content/plugins/delucks-seo/readme.txt
  • /wp-content/plugins/delucks-seo/assets/tagEditor/readme.md

In looking at the plugin we found that, like a number of the other plugins, it contains a persistent cross-site scripting (XSS) vulnerability. There appear to be other related security issues as well. [Read more]

19 Sep 2019

Vulnerability Details: Persistent Cross-Site Scripting (XSS) in Apply Online 2.0

The changelog for the latest version of Apply Online 2.0 is “Reliability, performance, and security update, Upgrade immediately.” Looking at the changes made, we found that a persistent cross-site scripting (XSS) vulnerability had been fixed in the plugin.


[Read more]

18 Sep 2019

Hackers May Already be Targeting this Persistent XSS Vulnerability in Social Metrics Tracker

As part of the monitoring we do to make sure we are providing customers of our service with the best possible data on vulnerabilities in WordPress plugins they may be using, we monitor for what look to be hackers probing for usage of plugins. Last week, through that, we found two plugins with unfixed vulnerabilities that hackers would likely target. With a third plugin someone else had figured out what hackers would likely target before us (we are making changes to our process to improve our ability to quickly spot issues like that one). On Monday we disclosed a couple more unfixed vulnerabilities based on plugins we saw probed earlier this week. And we are having to do that again, as today we saw an apparent hacker probing for usage of the plugin Social Metrics Tracker by requesting these files:

  • /wp-content/plugins/social-metrics-tracker/readme.txt
  • /wp-content/plugins/social-metrics-tracker/js/social-metrics-tracker.js

Like a number of the previous plugins, this one has a number of apparent security issues. With this one there is the possibility of a reflected cross-site scripting (XSS) vulnerability flagged by our Plugin Security Checker, but the most serious obvious vulnerability we found was a persistent cross-site scripting (XSS) vulnerability. That was an issue with some of the previous plugins, and some others had an authenticated variant of it, so that might be what hackers are looking to exploit here. [Read more]

16 Sep 2019

Hackers May Already be Targeting this Persistent XSS Vulnerability in Poll, Survey, Form & Quiz Maker by OpinionStage

As part of the monitoring we do to make sure we are providing customers of our service with the best possible data on vulnerabilities in WordPress plugins they may be using, we monitor for what look to be hackers probing for usage of plugins. Last week, through that, we found two plugins with unfixed vulnerabilities that hackers would likely target. With a third plugin someone else had figured out what hackers would likely target before us (we are making changes to our process to improve our ability to quickly spot issues like that one). Earlier today we disclosed another unfixed vulnerability based on a plugin we saw probed for yesterday. And we are having to do that again, as today we saw an apparent hacker probing for usage of the plugin Poll, Survey, Form & Quiz Maker by OpinionStage by requesting these files:

  • /wp-content/plugins/social-polls-by-opinionstage/readme.txt
  • /wp-content/plugins/social-polls-by-opinionstage/admin/js/menu-page.js
  • /wp-content/plugins/social-polls-by-opinionstage/assets/content-popup/index.js

In looking into what the hacker might be interested in exploiting in that, we first found that the code is quite insecure, and then within a few minutes we found a persistent cross-site scripting (XSS) vulnerability in the current version of the plugin that is similar to vulnerabilities that hackers have widely exploited recently and very similar to the vulnerability we mentioned earlier today. There look to be additional vulnerabilities, so the plugin should be more thoroughly reviewed and secured before being used. [Read more]

16 Sep 2019

Hackers May Already be Targeting this Persistent XSS Vulnerability in Simple Fields

As part of the monitoring we do to make sure we are providing customers of our service with the best possible data on vulnerabilities in WordPress plugins they may be using, we monitor for what look to be hackers probing for usage of plugins. Last week, through that, we found two plugins with unfixed vulnerabilities that hackers would likely target. With a third plugin someone else had figured out what hackers would likely target before us (we are making changes to our process to improve our ability to quickly spot issues like that one). With a new week comes another instance of this. Yesterday we had an apparent hacker probing for usage of the plugin Simple Fields, which has 10,000+ installs, by requesting the following files:

  • /wp-content/plugins/simple-fields/scripts.js
  • /wp-content/plugins/simple-fields/readme.md

In looking into what the hacker might be interested in exploiting in that, we found right away that there is a persistent cross-site scripting (XSS) vulnerability in the current version of the plugin that is similar to vulnerabilities that hackers have widely exploited recently. We saw other insecure code in the plugin and there look to be additional vulnerabilities, so the plugin should be more thoroughly reviewed and secured before being used. [Read more]

11 Sep 2019

Persistent Cross-Site Scripting (XSS) Vulnerability in Travelpayouts

The changelog for the last two versions of the plugin Travelpayouts is “SECURITY UPDATE please update ASAP”. When we started looking at the changes made in the older of those versions, to see if there was a vulnerability we should be warning customers of our service about, we noticed that it looked like the fix for a vulnerability was incomplete. Looking closer, we found that a related issue is unfixed and leads to a vulnerability of a type hackers would exploit, a persistent cross-site scripting (XSS) vulnerability. The quality of the plugin’s code is quite poor, as the vulnerable functionality doesn’t work if you try to use it as intended, so if you are planning to use this plugin it looks like it might need a lot of work.

The plugin makes the function importCsv() accessible through WordPress’ AJAX functionality to those logged in to WordPress as well as to those not logged in, despite those not logged in having no need for access: [Read more]

30 Aug 2019

Vulnerability Details: Persistent Cross-Site Scripting (XSS) in Formidable Forms

The idea that popular WordPress plugins are secure is often disputed by reality, as has been the case with the plugin Formidable Forms, whose two most recent releases fix fairly serious security vulnerabilities (the next version will likely fix a less serious vulnerability). The older of those two fixed a PHP object injection vulnerability and the more recent fixed a persistent cross-site scripting (XSS) vulnerability. In regards to that latter issue, one of the changelog entries for the latest version is “Security: Correctly escape values on the View Entry page.” There were two sets of changes that could relate to that.


[Read more]