22 Sep 2017

PHP Object Injection Vulnerability in TAKETIN To WP Membership

Through our proactive monitoring of changes to WordPress plugins for serious vulnerabilities, we recently found a PHP object injection vulnerability in the TAKETIN To WP Membership plugin.

In the file /classes/taketin-mp-utils.php, the function getMessage(), as of version 1.2.7, unserialized the value of the cookie “taketin_mp_error”. Since a cookie value is entirely under the requester's control, passing it to unserialize() permitted PHP object injection: [Read more]
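The following is an added illustration of the pattern described above, written for this page and not taken from the TAKETIN To WP Membership plugin (whose code is not shown here). It pairs a constructed gadget class with a reconstructed cookie-reading function that uses the cookie name from the post, then shows two hardened forms. The class LogWriter, the function names, the function bodies and the temp-file path are assumptions made for the demo.

```php
<?php
// Added illustration, not code from the TAKETIN To WP Membership plugin.
// A cookie value is fully attacker-controlled, so unserialize() on it lets
// the requester instantiate any class the application has loaded.

// Constructed gadget: any loaded class with a magic method (__wakeup,
// __destruct, __toString) becomes usable once the attacker controls the
// serialized payload. Here the destructor writes a file.
class LogWriter
{
    public $path = '/tmp/poi-demo.txt';
    public $data = '';

    public function __destruct()
    {
        file_put_contents($this->path, $this->data);
    }
}

// Vulnerable pattern (reconstructed; the body is an assumption): a message
// round-tripped through the cookie with serialize()/unserialize().
function getMessageVulnerable(array $cookie): ?string
{
    if (!isset($cookie['taketin_mp_error'])) {
        return null;
    }
    $msg = unserialize($cookie['taketin_mp_error']);
    // A legitimate value is a string. An injected object is discarded here,
    // but it is destroyed when $msg goes out of scope on return, and that is
    // exactly when its __destruct() runs.
    return is_string($msg) ? $msg : null;
}

// Hardened: refuse to instantiate any class (PHP >= 7.0). Objects in the
// payload come back as __PHP_Incomplete_Class, whose magic methods never run.
function getMessageSafer(array $cookie): ?string
{
    if (!isset($cookie['taketin_mp_error'])) {
        return null;
    }
    $msg = @unserialize($cookie['taketin_mp_error'], ['allowed_classes' => false]);
    return is_string($msg) ? $msg : null;
}

// Better: do not use PHP serialization across a trust boundary at all.
// A JSON document cannot name application classes.
function getMessageJson(array $cookie): ?string
{
    if (!isset($cookie['taketin_mp_error'])) {
        return null;
    }
    $msg = json_decode($cookie['taketin_mp_error'], true);
    return is_string($msg) ? $msg : null;
}

// Demo payload an attacker could set as the cookie value: a LogWriter with
// attacker-chosen path and contents (the string lengths are part of the format).
$payload = 'O:9:"LogWriter":2:{s:4:"path";s:17:"/tmp/poi-demo.txt";s:4:"data";s:8:"injected";}';

@unlink('/tmp/poi-demo.txt');
getMessageVulnerable(['taketin_mp_error' => $payload]);
echo 'vulnerable path created file: ', var_export(file_exists('/tmp/poi-demo.txt'), true), "\n";

@unlink('/tmp/poi-demo.txt');
getMessageSafer(['taketin_mp_error' => $payload]);
echo 'hardened path created file:   ', var_export(file_exists('/tmp/poi-demo.txt'), true), "\n";
```

Run it with the PHP CLI: the vulnerable function never uses the injected object, yet the file appears, because the destructor of an attacker-supplied object runs regardless of what the calling code does with it. The allowed_classes version leaves the file absent. In a real plugin the damaging gadget is usually not in the plugin itself but in some other loaded class (WordPress core, another plugin or a bundled library), which is why the only robust fix is to stop deserializing untrusted input rather than to audit one plugin's classes.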

14 Sep 2017

Vulnerability Details: PHP Object Injection Vulnerability in Welcart e-Commerce

From time to time a vulnerability is fixed in a plugin without the discoverer putting out a report on it. In those cases we put out a post detailing the vulnerability, so that we can provide our customers with more complete information on it.


[Read more]

5 Sep 2017

PHP Object Injection Vulnerability in Booster for WooCommerce

We recently started proactively monitoring for evidence of some high risk vulnerabilities when changes are made to WordPress plugins, and if we had more customers we could expand the proactive monitoring to more types of vulnerabilities. One of the types of vulnerabilities we are looking for is PHP object injection, since those vulnerabilities are likely to be exploited if hackers become aware of them. Through that we came across a PHP object injection vulnerability in the Email Verification module of the plugin Booster for WooCommerce.

When the Email Verification module is enabled (it and all of the other modules are disabled by default), the function process_email_verification() in the file /includes/class-wcj-emails-verification.php is hooked to init, so it runs on every request: [Read more]

1 Sep 2017

PHP Object Injection Vulnerability in VideoWhisper Live Streaming

Recently we found that the plugin VideoWhisper Live Streaming contained a PHP object injection vulnerability.

The plugin makes the function vwls_calls() available through WordPress’ AJAX functionality whether or not the requester is logged in to WordPress (in the file /videowhisper_streaming.php): [Read more]

29 Aug 2017

PHP Object Injection Vulnerability in WP Smart Security

When it comes to advice on improving the security of a WordPress website, the recommendation is often to install some security plugin. We have yet to see this advice paired with evidence that the security plugin in question is effective at providing protection. In our testing of whether security plugins can protect against real vulnerabilities in other plugins, which seems to be about the only such testing ever done, the results haven’t been good. A false sense of security isn’t good, since it may lead to not doing the things that would actually protect a website, but using security plugins can have a much worse consequence: it can lead to your website being hacked.

We recently have been going through some data on possible PHP object injection vulnerabilities in WordPress plugins, and one of the reports from that indicated the possibility of that type of vulnerability in the security plugin WP Smart Security. A quick check confirmed that the plugin does in fact contain that type of vulnerability. That type of vulnerability has been exploited on a fairly wide scale in the last year, so using this plugin could open a website to being hacked. [Read more]

17 Aug 2017

PHP Object Injection Vulnerability in Leaky Paywall

We recently started proactively monitoring for evidence of some high risk vulnerabilities when changes are made to WordPress plugins, and if we had more customers we could expand the proactive monitoring to more types of vulnerabilities. One of the types of vulnerabilities we are looking for is PHP object injection, since those vulnerabilities are likely to be exploited if hackers become aware of them. Through that we came across a PHP object injection vulnerability in the plugin Leaky Paywall, which is used to implement a paywall on a website.

That a plugin used for business purposes has a serious vulnerability is all too common in our experience, and it is a good reminder that getting a security review of the plugins a business relies on can make a lot of sense. Through our service, paying customers can suggest and vote for plugins to have a review done. We also recently introduced the option to purchase the same type of review for a plugin of your choice. [Read more]

31 Jul 2017

PHP Object Injection Vulnerability in Product Reviews

We recently started proactively monitoring WordPress plugins for evidence of some high risk vulnerabilities when changes are made to them. One of the types of vulnerabilities we are looking for is PHP object injection, since those vulnerabilities are likely to be exploited if hackers become aware of them (unlike some other types of vulnerabilities, whose impact security companies are known to overstate). Through that we came across a PHP object injection vulnerability in the plugin Product Reviews.

The plugin’s function EWD_URP_Update_Karama() is made available through WordPress’ AJAX functionality to both logged in and non-logged in requesters (in the file /Functions/Process_Ajax.php): [Read more]

25 Jul 2017

Vulnerability Details: PHP Object Injection Vulnerability in Referrer Detector

A month ago we discussed the web hosting company Pagely’s discovery of a number of PHP object injection vulnerabilities in WordPress plugins. For some reason the unfixed ones have remained in the WordPress Plugin Directory despite being reported to the people running it. We recently took a closer look at those vulnerabilities while improving our detection of this kind of vulnerability for our new proactive monitoring of changes to WordPress plugins, and that seemed like a good time to document them.


[Read more]

25 Jul 2017

Vulnerability Details: PHP Object Injection Vulnerability in AJAX Random Posts

A month ago we discussed the web hosting company Pagely’s discovery of a number of PHP object injection vulnerabilities in WordPress plugins. For some reason the unfixed ones have remained in the WordPress Plugin Directory despite being reported to the people running it. We recently took a closer look at those vulnerabilities while improving our detection of this kind of vulnerability for our new proactive monitoring of changes to WordPress plugins, and that seemed like a good time to document them.


[Read more]