09 Jan

Vulnerability Details: PHP Object Injection Vulnerability in Post Grid

Back in November we were contacted about a PHP object injection vulnerability in the plugin Post Grid that the person who contacted us had seen exploited. We didn’t include it in our data at the time since they said they were waiting on the “developer to respond etc.” before disclosing it. While looking in to that vulnerability we discovered a file deletion vulnerability in the plugin, which impacted all the version that also had the PHP object injection vulnerability, so anyone using our service or the free data that comes with its companion plugin would have been notified that they were using a vulnerable plugin at the time.

Recently the issue of the vulnerability came up again and we noticed that it still hadn’t been disclosed. Seeing as it has now been two months since it was fixed we will go ahead with the disclosure. [Read more]

08 Nov

File Deletion Vulnerability in Post Grid

One of the reason we believe that it is important that the details of vulnerabilities in WordPress plugins be disclosed is that if others can review them that can lead to additional vulnerabilities being identified. That was the case with a recent vulnerability in the Post Grid plugin, where after being notified the details of a vulnerability (that vulnerability has yet to be publicly disclosed) we found that it pointed to a wider security issue with the plugin.

The original vulnerability was due in part to functions only intended for Administrator level users being made available to anyone through WordPress’ AJAX functionality, whether they were logged in to WordPress or not. That was the case not only for the function relevant to that vulnerability, but for a number of others. [Read more]