30 Oct

Authenticated Local File Inclusion (LFI) Vulnerability in PluginOps Page Builder

As we discussed in a previous post, while reviewing the changes in a recent version of the pluginĀ PluginOps Page Builder we found that a local file inclusion version vulnerability had recently been fixed in the plugin. In looking over the changes that fixed that, we found that there was still a limited authenticated local file inclusion (LFI) vulnerability in the plugin.

[Read more]

30 Oct

Vulnerability Details: Local File Inclusion (LFI) Vulnerability in PluginOps Page Builder

This Vulnerability Details post about a vulnerability in the plugin PluginOps Page Builder provides the details of a vulnerability we ran across while collecting data on vulnerabliities discovered by others for our data set on vulnerabilities in WordPress plugins, so its contents are limited to customers of our service. If you are not currently a customer, you can sign up for free here. There are a lot of other reason that you will want to sign up beyond access to posts like this one, including that you would have already been warned about this vulnerability if your website was vulnerable due to it.

[Read more]