22 Mar 2019

Our Proactive Monitoring Caught a Restricted File Upload Vulnerability in Sooqr Search

Much like what we found with the plugin Analytics-Gtag earlier this week, our proactive monitoring of changes made to WordPress plugins in the Plugin Directory to try to catch serious vulnerabilities has caught a restricted file upload in the plugin Sooqr Search, which could most obviously be used to cause persistent cross-site scripting (XSS) since it allows arbitrary content to be written to a JavaScript file. It also could, say, be combined with a local file inclusion (LFI) vulnerability to cause arbitrary code to be executed.

The plugin registers the function sooqr_save_javascript() to run during admin_init: [Read more]

21 Mar 2019

Full Disclosure of Settings Change/Persistent Cross-Site Scripting (XSS) Vulnerability in Social Warfare

With our proactive monitoring of changes made to WordPress plugins in the Plugin Directory to try to catch serious vulnerabilities we review a lot of code that ends up not being vulnerable, so even if the flagged code looks rather concerning it doesn’t raise a lot of concern for us at first, even if, like the code flagged in the plugin Social Warfare, which we will get to in a moment, it indicates there might be a very serious vulnerability. When we checked over the rest of the code related to the flagged code in that plugin we found that the plugin allows anyone to change the plugin’s settings, and that could be used to cause persistent cross-site scripting (XSS), which is just the sort of vulnerability hackers have shown a lot of interest in recently. The plugin has 70,000+ active installations according to wordpress.org, which makes it all the more likely that it would be exploited.

Our Plugin Security Checker flags the same code as possibly being vulnerable, though it flags it for a less serious issue, server-side request forgery (SSRF). [Read more]

20 Mar 2019

Our Proactive Monitoring Caught a Restricted File Upload Vulnerability Being Added to Analytics-Gtag

When it comes to our proactive monitoring of changes made to WordPress plugins in the Plugin Directory to try to catch serious vulnerabilities, usually the code getting flagged by that is deep inside of other code, so confirming there is a vulnerability requires a bit of work. That wasn’t the case with the code added to the latest version of the plugin Analytics-Gtag that creates a restricted file upload vulnerability, which could most obviously be used to cause persistent cross-site scripting (XSS) since it allows arbitrary content to be written to a JavaScript file. It also could, say, be combined with a local file inclusion (LFI) vulnerability to cause arbitrary code to be executed.

The new version of the plugin adds a file named creator.php, which will take the value of the GET input “param4”: [Read more]

21 Feb 2019

Vulnerability Details: Persistent Cross-Site Scripting (XSS) in Abandoned Cart Lite for WooCommerce

One of the changelog entries for version 5.2.0 of Abandoned Cart Lite for WooCommerce is “Added sanitization checks for checkout field capture for guest users.” Looking at the changes made in that version we found they accurately described a change that fixed a persistent cross-site scripting (XSS) vulnerability.


[Read more]

2 Nov 2018

Vulnerability Details: Reflected XSS, CSRF/XSS, and Persistent XSS Vulnerabilities in Calendar Event Multi View

From time to time a plugin is closed on the Plugin Directory for an unexplained security issue without the discoverer putting out a report on the vulnerability, and we will put out a post detailing the possible vulnerability that led to that so that we can provide our customers with more complete information on the security of plugins they use.


[Read more]

25 Oct 2018

Vulnerability Details: Persistent Cross-Site Scripting (XSS) Vulnerability in QueryWall: Plug’n Play Firewall

From time to time a plugin is closed on the Plugin Directory for an unexplained security issue without the discoverer putting out a report on the vulnerability, and we will put out a post detailing the possible vulnerability that led to that so that we can provide our customers with more complete information on the security of plugins they use.


[Read more]

4 Oct 2018

Our Proactive Monitoring Caught a Restricted File Upload Vulnerability in VendorFuel

One of the ways we help to improve the security of WordPress plugins, not just for our customers, but for everyone using them, is the proactive monitoring of changes made to plugins in the Plugin Directory to try to catch serious vulnerabilities before they are exploited. While we have a number of automated checks that are used to try to spot the possibility of those, most of the vulnerabilities found so far have come from only two of those checks. Recently, though, another one of those checks caught a vulnerability in the plugin VendorFuel that allows anyone to rewrite the contents of a .css file that is part of the plugin.

The code that causes that is at the beginning of the file /admin-pages/styling.php: [Read more]