15 Nov

Full Disclosure of PHP Object Injection Vulnerability in WordPress Plugin with 20,000+ Installs

Yesterday as part of our monitoring of WordPress plugins’ changelogs for indications that vulnerabilities have been fixed, so that we can add those vulnerabilities to our data set, the plugin Yet Another Stars Rating popped up. The changelog entry for the latest version of that is “FIXED: security fix”. Looking at the change made in that [Read more]

07 Nov

Vulnerability Details: PHP Object Injection Vulnerability in WP GDPR Compliance

This Vulnerability Details post about a vulnerability in the plugin WP GDPR Compliance provides the details of a vulnerability we didn’t discover and access to it is limited to customers of our service, unlike the posts on vulnerabilities we have discovered and are freely available.For existing customers, please log in to your account to view [Read more]

01 Nov

PHP Object Injection Vulnerability in Yet Another Related Posts Plugin (YARPP)

In our previous post we mentioned what looks to be a hacker trying to exploit a vulnerability in the plugin Yet Another Related Posts Plugin (YARPP), though one that we couldn’t see where it could do anything of note. While looking into that we noticed another security issue in the plugin, one that is of most [Read more]

26 Oct

Full Disclosure of PHP Object Injection Vulnerability in Patreon WordPress

The unfortunate reality when it comes to WordPress plugins is that there are lots of security issues in them, so even if the people on the WordPress side of things were not working against improving security there would be lots of problems. As an example of that, when the latest version of the plugin Patreon WordPress showed [Read more]

05 Oct

The Continued Inappropriate Behavior of WordPress Has Lead to This Disclosure of an Exploitable Vulnerability in a Plugin with 30,000+ Active Installs

A lot has been going on for us recently. One of those things is that we have made a big improvement to our ability to detect the possibility of vulnerabilities being fixed in plugins, so that we can add more of them to our data set. That has lead to us reviewing code changes in [Read more]

26 Sep

WordPress Lets Two More Plugins With Easy to Spot Exploitable Vulnerability in to the Plugin Directory

For the second day of our full disclosures of WordPress plugin vulnerabilities due to the continuing inappropriate handling of the moderation of the WordPress Support Forum we are focusing on something that relates to the larger problem when it comes to handling security by the WordPress team. Part of what makes the inappropriate moderation of [Read more]

17 Sep

Our Proactive Monitoring Caught an Exploitable Vulnerability in Events Made Easy

One of the ways we help to improve the security of WordPress plugins, not just for our customers, but for everyone using them, is the proactive monitoring of changes made to plugins in the Plugin Directory to try to catch serious vulnerabilities. That again has lead to us catching a vulnerability of a type that hackers [Read more]

09 Jul

Our Proactive Monitoring Caught a PHP Object Injection Vulnerability in Advanced Advertising System

One of the ways we help to improve the security of WordPress plugins, not just for our customers, but for everyone using them, is the proactive monitoring of changes made to plugins in the Plugin Directory to try to catch serious vulnerabilities. That again has lead to us catching a vulnerability of a type that hackers [Read more]

09 Jul

Our Proactive Monitoring Caught a PHP Object Injection Vulnerability in Giveaway Boost

One of the ways we help to improve the security of WordPress plugins, not just for our customers, but for everyone using them, is the proactive monitoring of changes made to plugins in the Plugin Directory to try to catch serious vulnerabilities. That again has lead to us catching a vulnerability of a type that hackers [Read more]

25 May

Our Proactive Monitoring Caught a PHP Object Injection Vulnerability in WordPress Survey & Poll

One of the ways we help to improve the security of WordPress plugins, not just for our customers, but for everyone using them, is the proactive monitoring of changes made to plugins in the Plugin Directory to try to catch serious vulnerabilities. That again has lead to us catching a vulnerability of a type that hackers [Read more]