Privilege Escalation Vulnerability in Paytm Payment Gateway
One of the changelog entries for the latest version of the WordPress plugin Paytm Payment Gateway is “Updated Security”.
…
Yesterday, the WordPress plugin Razorpay for WooCommerce was closed on the WordPress Plugin Directory. Because that is one of the 1,000 most popular plugins in that directory (it has 70,000+ installs), our systems warned us about the closure and we started checking over the plugin to see if there was a vulnerability we should warn customers of our services about. What we found was that it contains what appears to be a very serious vulnerability.
The plugin registers four functions to be accessible through an admin post request by anyone logged in to WordPress: [Read more]
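To make the mechanism concrete, the following is an added illustration written for this page; it is not code from Razorpay for WooCommerce or any other plugin, and all function, action and option names in it are hypothetical. It shows why an `admin_post_{action}` handler is reachable by any logged-in user (a subscriber included) unless the handler itself checks authorization, and the two checks a hardened handler carries: a capability check for authorization and a nonce check against cross-site request forgery.

```php
<?php
// Added illustration (hypothetical names throughout, not the plugin's code):
// admin_post_{action} handlers fire for any authenticated user who sends
// POST /wp-admin/admin-post.php?action={action}. The admin_post_nopriv_{action}
// variant would extend that to unauthenticated visitors.

// VULNERABLE PATTERN: nothing checks who is calling or where the request came from.
add_action( 'admin_post_example_save_settings', 'example_save_settings_insecure' );
function example_save_settings_insecure() {
    // A subscriber-level account reaches this line and rewrites a site-wide option.
    update_option( 'example_gateway_key', wp_unslash( $_POST['key'] ?? '' ) );
    wp_safe_redirect( admin_url( 'admin.php?page=example' ) );
    exit;
}

// HARDENED PATTERN: capability check (authorization) plus nonce check (CSRF).
add_action( 'admin_post_example_save_settings_secure', 'example_save_settings_secure' );
function example_save_settings_secure() {
    // Authorization: only users allowed to manage options may proceed.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( esc_html__( 'You are not allowed to do this.', 'example' ), 403 );
    }
    // CSRF: the form must carry a nonce tied to this exact action.
    // check_admin_referer() stops the request with a 403 if it is missing or invalid.
    check_admin_referer( 'example_save_settings' );

    $key = sanitize_text_field( wp_unslash( $_POST['key'] ?? '' ) );
    update_option( 'example_gateway_key', $key );
    wp_safe_redirect( admin_url( 'admin.php?page=example' ) );
    exit;
}

// The matching form: wp_nonce_field() emits the nonce and referer inputs
// that check_admin_referer() above expects.
function example_render_settings_form() {
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <input type="hidden" name="action" value="example_save_settings_secure">
        <?php wp_nonce_field( 'example_save_settings' ); ?>
        <input type="text" name="key"
               value="<?php echo esc_attr( get_option( 'example_gateway_key', '' ) ); ?>">
        <?php submit_button( 'Save' ); ?>
    </form>
    <?php
}
```

The two checks answer different questions and neither substitutes for the other: the nonce only proves the request originated from a form WordPress generated for the current user, so a handler with a nonce check but no `current_user_can()` call is still reachable by any account that can load the form; a handler with a capability check but no nonce is still open to CSRF against an administrator. When reviewing a plugin, grep for `admin_post_` and `admin_post_nopriv_` registrations and confirm each handler performs both checks before it changes state.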
One of the changelog entries for a recent version of the WordPress plugin Modula suggested a vulnerability might have been fixed:
…
This week Patchstack claimed vaguely that a cross-site request forgery (CSRF) vulnerability had been fixed in the WordPress plugin WP Mail Logging in the most recent version of the plugin. As with another claim of that type of vulnerability this week, we found they appeared to have gotten the details wrong. In this case, the changelog for the version in which this was supposed to have been addressed doesn’t mention a security fix at all. The only entry that could plausibly refer to such a fix is the claim that they removed the Redux Framework.
…
It’s a bad look when a major WordPress security provider has to disclose that one of its own plugins has a serious security issue, which happened six months ago with the developer of iThemes Security. It’s even worse when the code is so insecure, which was also the case with iThemes. Automattic, the company of WordPress head Matt Mullenweg, which provides security solutions under brands including WPScan and Jetpack, today fixed a serious vulnerability in one of its plugins. That this happened runs counter to the view we often see that Automattic are security experts, but it is in line with previous security issues in their software. Unlike the situation with iThemes, though, this isn’t known to be a zero-day (a vulnerability being exploited before the developer knows about it) and doesn’t involve a security failure at such a basic level. It does involve incredibly insecure code running in a high-risk situation.
With that said, this situation could be used as impetus to finally move WordPress plugin security to a better place. But first, let’s look at what went wrong here. [Read more]
Version 1.23.1 of the WordPress plugin UpdraftPlus had a couple of security related changelog entries:
…
One of the changelog entries for the latest version of the WordPress plugin Popup Maker suggested that a cross-site request forgery (CSRF) vulnerability might have been fixed:
…
The changelog for the latest version of the WordPress plugin Enable Media Replace makes no mention of fixing a security vulnerability, but a very minor one was fixed. The changes made in that version were flagged by our machine learning system, which tries to catch security fixes that are made without being disclosed.
…
One of the changelog entries for the latest version of the WordPress plugin Spectra is:
…