10 Oct

Vulnerability Details: Privilege Escalation in iThemes Sync

This post provides the details of a vulnerability in the WordPress plugin iThemes Sync that was not discovered by us. The discoverer had not provided the details needed for us to confirm the vulnerability while we were adding it to the data set for our service, so the contents of the post are limited to subscribers of our service.

If you were using our service, you would already have been warned about this vulnerability if your website is vulnerable because of it. [Read more]

12 Aug

Vulnerability Details: Privilege Escalation in WP Social Feed Gallery

This post provides the details of a vulnerability in the WordPress plugin WP Social Feed Gallery that was not discovered by us. The discoverer had not provided the details needed for us to confirm the vulnerability while we were adding it to the data set for our service, so the contents of the post are limited to subscribers of our service.

If you were using our service, you would already have been warned about this vulnerability if your website is vulnerable because of it. [Read more]

05 Aug

Vulnerability Details: Privilege Escalation in Ultimate FAQ

This post provides the details of a vulnerability in the WordPress plugin Ultimate FAQ that was not discovered by us. The discoverer had not provided the details needed for us to confirm the vulnerability while we were adding it to the data set for our service, so the contents of the post are limited to subscribers of our service.

If you were using our service, you would already have been warned about this vulnerability if your website is vulnerable because of it. [Read more]

05 Aug

Vulnerability Details: Privilege Escalation in WP Mega Menu

This post provides the details of a vulnerability in the WordPress plugin WP Mega Menu that was not discovered by us. The discoverer had not provided the details needed for us to confirm the vulnerability while we were adding it to the data set for our service, so the contents of the post are limited to subscribers of our service.

If you were using our service, you would already have been warned about this vulnerability if your website is vulnerable because of it. [Read more]

29 Jul

WordPress Plugin Security Review: WC Duplicate Order

For our 30th security review of a WordPress plugin based on the voting of our customers, we reviewed the plugin WC Duplicate Order.

If you are not yet a customer of the service, once you sign up as a paying customer you can start suggesting and voting on plugins to get security reviews. For those already using the service who haven't yet suggested and voted for plugins to receive a review, you can start doing that here. You can use our tool for running limited automated security checks of plugins to see if plugins you are using have possible issues that would make them good candidates for a review. You can also order a review of a plugin separately from our service. [Read more]

26 Jun

Vulnerability Details: Privilege Escalation in WebP Converter for Media

This post provides the details of a vulnerability in the WordPress plugin WebP Converter for Media that was not discovered by us. The discoverer had not provided the details needed for us to confirm the vulnerability while we were adding it to the data set for our service, so the contents of the post are limited to subscribers of our service.

If you were using our service, you would already have been warned about this vulnerability if your website is vulnerable because of it. [Read more]

03 Jun

Privilege Escalation Vulnerability Only Partially Fixed in WordPress Plugin Ultimate Member Due to Use of is_admin()

We can't emphasize enough that you should not use the plugin Ultimate Member, as the plugin has been riddled with security vulnerabilities, including one that was widely exploited last year and was slow to be fixed, due to what appears to be a lack of interest by the developer in getting it secure. That lack of interest is particularly problematic because the plugin has 100,000+ active installations according to wordpress.org. The latest vulnerability found in it is yet another reminder of that: the developer attempted to fix a serious vulnerability but used the wrong code, so a vulnerability remains, though it is less easily exploited. The wrong code is is_admin(), which despite its name does not check whether the current user is an administrator, only whether an admin-area page (including admin-ajax.php) is being loaded, so it is not an authorization check. The continuation of the vulnerability also involves a security failure in WordPress that was warned about back in February of 2011 but still hasn't been resolved, despite continually being implicated in widely exploited vulnerabilities.

The situation is also yet another reminder of why actually checking and testing claimed fixes for vulnerabilities is important, so that you don't incorrectly believe an unfixed vulnerability has been fixed, particularly one that is more widely known about because it has been noted as fixed. That is something we do, but clearly other data sources on WordPress plugin vulnerabilities competing with our service don't. [Read more]
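To make the is_admin() mistake concrete, here is a constructed example added to this listing; it is not Ultimate Member's code and does not reproduce that plugin's vulnerability. The hook, option and parameter names (example_vuln_update_role, example_user_id, example_role, the 'example_update_role' nonce action) are hypothetical. It shows the broken pattern, where is_admin() is used as if it were a permission check on a handler hooked to admin_init, beside the corrected pattern using current_user_can() and a nonce. The key fact, which is WordPress behaviour and not an assumption: admin-ajax.php sets WP_ADMIN and fires admin_init for every request, including requests from visitors who are not logged in, so is_admin() is true there.

```php
<?php
// Constructed illustration, not Ultimate Member's code. Hook/parameter names are hypothetical.

// VULNERABLE: is_admin() reports only that an admin-area URL is being served
// (anything under wp-admin/, including admin-ajax.php). admin-ajax.php fires
// 'admin_init' on every request, logged in or not, so this "check" passes for
// an unauthenticated POST to /wp-admin/admin-ajax.php and lets the request
// assign any role, e.g. administrator, to any user ID.
function example_vuln_update_role() {
	if ( ! is_admin() ) {
		return; // Not an authorization check: true for all of wp-admin/*.
	}
	if ( isset( $_POST['example_user_id'], $_POST['example_role'] ) ) {
		$user = new WP_User( absint( $_POST['example_user_id'] ) );
		$user->set_role( sanitize_key( $_POST['example_role'] ) );
	}
}
add_action( 'admin_init', 'example_vuln_update_role' );

// FIXED: authorize the user rather than the URL, bind the request to a nonce so
// a logged-in admin cannot be made to perform it via CSRF, and allow-list the
// roles the handler may assign instead of trusting the request.
function example_fixed_update_role() {
	if ( ! isset( $_POST['example_user_id'], $_POST['example_role'] ) ) {
		return;
	}
	// Real capability check: 'promote_users' is the core capability for changing roles.
	if ( ! current_user_can( 'promote_users' ) ) {
		wp_die( 'Insufficient permissions', 403 );
	}
	// Dies with a 403 if the nonce is missing or invalid.
	check_admin_referer( 'example_update_role' );

	$role = sanitize_key( $_POST['example_role'] );
	if ( ! in_array( $role, array( 'subscriber', 'editor' ), true ) ) {
		wp_die( 'Invalid role', 400 ); // Never let the request name 'administrator'.
	}
	$user = new WP_User( absint( $_POST['example_user_id'] ) );
	if ( ! $user->exists() ) {
		wp_die( 'No such user', 404 );
	}
	$user->set_role( $role );
}
add_action( 'admin_init', 'example_fixed_update_role' );
```

When testing a claimed fix of this kind, the check is the same whether or not you have the plugin's source: send the handler's POST parameters to /wp-admin/admin-ajax.php from a session that should not be allowed to perform the action (logged out, then as a subscriber) and confirm the action is refused, rather than trusting the changelog.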

20 May

Vulnerability Details: Privilege Escalation in myStickymenu

This post provides the details of a vulnerability in the WordPress plugin myStickymenu that was not discovered by us. The discoverer had not provided the details needed for us to confirm the vulnerability while we were adding it to the data set for our service, so the contents of the post are limited to subscribers of our service.

If you were using our service, you would already have been warned about this vulnerability if your website is vulnerable because of it. [Read more]

22 Apr

Vulnerability Details: Privilege Escalation in Feedburner Alternative and RSS Redirect Plugin

This post provides the details of a vulnerability in the WordPress plugin Feedburner Alternative and RSS Redirect Plugin that was not discovered by us. The discoverer had not provided the details needed for us to confirm the vulnerability while we were adding it to the data set for our service, so the contents of the post are limited to subscribers of our service.

If you were using our service, you would already have been warned about this vulnerability if your website is vulnerable because of it. [Read more]

09 Apr

Recently Closed Visual CSS Style Editor WordPress Plugin Contains Privilege Escalation Vulnerability That Leads to Option Update Vulnerability

When it comes to the security of WordPress plugins, what other security companies generally do is add protection against vulnerabilities after they have already been widely exploited, which obviously won't produce great results, since there is a good chance the websites using their service have already been hacked by the time they do that. One of the ways we keep ahead of that is to monitor the closure of the 1,000 most popular WordPress plugins in the Plugin Directory, since a closure can be due to a security issue, and even when it is not, we have found that closed plugins often contain security vulnerabilities, in some cases, as with one less than two weeks ago, ones likely to be exploited. Hackers seem to be doing that type of monitoring as well. Through that we found that the plugin Visual CSS Style Editor, which has 30,000+ active installs and was closed yesterday, has two vulnerabilities that, when combined, lead to a type of vulnerability hackers would be likely to exploit.

When we started a quick check of the security of the plugin after our monitoring notified us that it had been closed, we found that there were multiple basic security failures. For example, our Plugin Security Checker, an automated tool anyone can use to check plugins for possible security issues, correctly identified the possibility of a reflected cross-site scripting (XSS) vulnerability. That isn't a serious issue on its own, so we went on to look for something more serious that we should be warning our customers about instead. We found something that fit the bill, but there could be other issues as well. [Read more]