This post provides the details of a vulnerability in the WordPress plugin Pretty Links not discovered by us, where the discoverer hadn’t provided the details needed for us to confirm the vulnerability while we were adding it to the data set for our service, so its contents are limited to subscribers of our service.
If you want the best information and therefore best protection against vulnerabilities in WordPress plugins we provide you that through our service.
Here is what we did to keep those are already using our service secure from WordPress plugin vulnerabilities during December (and what you have been missing out on if you haven’t signed up yet): [Read more]
Last week we had requests from the IP address 18.104.22.168 to our website that looked like they might be a hacker probing for usage of the plugins SendinBlue Subscribe Form And WP SMTP and Table Maker. After seeing that, we checked over the plugins to try find if there was a vulnerability in them that a hacker would be interested in.
With SendinBlue we found a SQL injection vulnerability that might be able to be used to cause PHP object injection to occur. PHP object injection is a type of issue that is highly likely to be exploited if it exists. That vulnerability has yet to be fixed. [Read more]