18 Mar

Vulnerability Details: PHP Object Injection in Easy WP SMTP

This Vulnerability Details post about a vulnerability in the plugin Easy WP SMTP provides the details of a vulnerability we ran across while collecting data on vulnerabilities discovered by others for our data set on vulnerabilities in WordPress plugins, so its contents are limited to customers of our service. If you are not currently a customer, you can sign up for free here. There are a lot of other reasons that you will want to sign up beyond access to posts like this one, including that you would have already been warned about this vulnerability if your website was vulnerable due to it.

20 Nov

We Caught a PHP Object Injection Vulnerability in a WordPress Plugin with 70,000+ Installs Before It Could Possibly Be Exploited

Earlier today we noted that a security company claimed to have sat on a PHP object injection vulnerability in a WordPress plugin for nearly six months and only disclosed that they knew about it after others had noticed it, and possibly after it had been exploited. Completely coincidentally, during our proactive monitoring of changes made to plugins in the Plugin Directory to try to catch serious vulnerabilities, we spotted the same kind of serious vulnerability being introduced today into a plugin with 70,000+ active installations, Anti-Spam by CleanTalk, before anyone is using it, as the change that introduces it has not yet been applied to the version that people install.

15 Nov

Full Disclosure of PHP Object Injection Vulnerability in WordPress Plugin with 20,000+ Installs

Yesterday, as part of our monitoring of WordPress plugins’ changelogs for indications that vulnerabilities have been fixed, so that we can add those vulnerabilities to our data set, the plugin Yet Another Stars Rating popped up. The changelog entry for its latest version is “FIXED: security fix”. Looking at the change made in that version, that is accurate, as code that prevents cross-site request forgery (CSRF) was fixed so that it would work properly. When we started to look at what the significance of that might be, we noticed a more serious issue that still exists in the plugin: it is vulnerable to PHP object injection in at least one location (and probably others as well), which is a type of vulnerability that more advanced hackers have been known to exploit widely.

07 Nov

Vulnerability Details: PHP Object Injection Vulnerability in WP GDPR Compliance

This Vulnerability Details post about a vulnerability in the plugin WP GDPR Compliance provides the details of a vulnerability we ran across while collecting data on vulnerabilities discovered by others for our data set on vulnerabilities in WordPress plugins, so its contents are limited to customers of our service. If you are not currently a customer, you can sign up for free here. There are a lot of other reasons that you will want to sign up beyond access to posts like this one, including that you would have already been warned about this vulnerability if your website was vulnerable due to it.

01 Nov

PHP Object Injection Vulnerability in Yet Another Related Posts Plugin (YARPP)

In our previous post we mentioned what looks to be a hacker trying to exploit a vulnerability in the plugin Yet Another Related Posts Plugin (YARPP), though one where we couldn’t see how it could do anything of note. While looking into that we noticed another security issue in the plugin, one that is of most concern if the plugin is no longer supported, which seems to be the case. It is also yet another reminder that we really need to review the security of the plugins that we use, since there are multiple reasons we would have noticed this issue if we had checked over the plugin when we used it.

26 Oct

Full Disclosure of PHP Object Injection Vulnerability in Patreon WordPress

The unfortunate reality when it comes to WordPress plugins is that there are lots of security issues in them, so even if the people on the WordPress side of things were not working against improving security there would be lots of problems. As an example of that, when the latest version of the plugin Patreon WordPress showed up in our monitoring of changes made to plugins that might involve security vulnerabilities being fixed, we found a serious vulnerability unrelated to the change we were looking into. The change that caused it to appear on our radar doesn’t seem related to a vulnerability, but in looking into that we happened across a PHP object injection vulnerability, a type of vulnerability that more advanced hackers have been known to exploit widely, in the current version of the plugin.

05 Oct

The Continued Inappropriate Behavior of WordPress Has Led to This Disclosure of an Exploitable Vulnerability in a Plugin with 30,000+ Active Installs

A lot has been going on for us recently. One of those things is that we have made a big improvement to our ability to detect the possibility of vulnerabilities being fixed in plugins, so that we can add more of them to our data set. That has led to us reviewing code changes in more plugins and finding more vulnerabilities, which are more serious than the possible issues that might have already been fixed. That today led to us noticing that there is a PHP object injection vulnerability, which is a type of vulnerability that more advanced hackers are likely to try to exploit, in the plugin WP DSGVO Tools, which has 30,000+ active installs.

26 Sep

WordPress Lets Two More Plugins With Easy to Spot Exploitable Vulnerabilities into the Plugin Directory

For the second day of our full disclosures of WordPress plugin vulnerabilities, due to the continuing inappropriate handling of the moderation of the WordPress Support Forum, we are focusing on something that relates to the larger problem with how security is handled by the WordPress team. Part of what makes the inappropriate moderation of the Support Forum so harmful, whether intended or not, is that it acts as an active cover up of problems which could be fixed quite easily if the people on the WordPress side of things were interested in fixing them. When they can largely cover up those problems, it allows those problems to instead fester, since pressure for change doesn’t build when many in the WordPress community are not aware of them.

17 Sep

Our Proactive Monitoring Caught an Exploitable Vulnerability in Events Made Easy

One of the ways we help to improve the security of WordPress plugins, not just for our customers but for everyone using them, is the proactive monitoring of changes made to plugins in the Plugin Directory to try to catch serious vulnerabilities. That has again led to us catching a vulnerability of a type that hackers are likely to exploit if they know about it. Since the check used to spot this is also included in our Plugin Security Checker (which is accessible through a WordPress plugin of its own), it is another reminder of how that can help to indicate which plugins are in greater need of security review (which we do as part of our main service as well as separately).

09 Jul

Our Proactive Monitoring Caught a PHP Object Injection Vulnerability in Advanced Advertising System

One of the ways we help to improve the security of WordPress plugins, not just for our customers but for everyone using them, is the proactive monitoring of changes made to plugins in the Plugin Directory to try to catch serious vulnerabilities. That has again led to us catching a vulnerability of a type that hackers are likely to exploit if they know about it. Since the check used to spot this is also included in our Plugin Security Checker (which is accessible through a WordPress plugin of its own), it is another reminder of how that can help to indicate which plugins are in greater need of security review (which we do as part of our main service as well as separately).