Privilege Escalation Vulnerability in WordPress Plugin iubenda
Yesterday, we had what appeared to be a hacker probing for the WordPress plugin iubenda on one of our websites with this request:
…
The changelog for the latest version of multiple WordPress plugins from BeRocket released today is:
…
As discussed in a separate post, it looks like a hacker was probing for the WordPress plugin ContentStudio over the weekend. In looking over the plugin, we found that it is very insecure and contains a privilege escalation vulnerability.
In the file /contentstudio-plugin.php the plugin registers the function cstu_set_token() to run whenever WordPress loads:
The JVN released an advisory for the WordPress plugin WordPress Popular Posts stating that versions of the plugin prior to version 6.1.0 accepted “untrusted external inputs to update certain internal variables”, which they credited to Tsubasa Iinuma of Origami Systems. One of the changelog entries for that version is:
…
Earlier this week the WordPress plugin Video Thumbnails was closed on the WordPress Plugin Directory. As that plugin is one of the 1,000 most popular plugins, we were alerted to its closure. No reason has been given for the closure. But there are multiple minor security vulnerabilities in the latest version.
As one example of those vulnerabilities, the functionality for “resetting a video thumbnail” is accessible to anyone logged in to WordPress, instead of only to someone who is editing the post related to that video thumbnail.
After seeing possible hacker probing for the WordPress plugin BulletProof Security last week, we checked it over for any easy-to-spot serious vulnerabilities that a hacker might be interested in exploiting. We didn’t find any of those, but we did run across several places where the plugin is not properly secured. Among those, it permits low-level WordPress users to access some of its MScan malware scanner functionality. That could be abused to cause the website to use a lot of server resources.
Like the rest of the plugin’s admin pages, the admin page for MScan is restricted to users with the manage_options capability, so normally only Administrators:
One of the changelog entries for version 4.0.0 of the WordPress plugin Enable Media Replace is:
…
Yesterday the JVN released a vague report claiming that a cross-site scripting (XSS) vulnerability had been fixed in version 13.2.0 of the WordPress plugin WP Statistics. There isn’t enough information provided to confirm that there was a vulnerability or that it was fixed.
Confusingly, one of our competitors, Automattic’s WPScan, is citing that report as the source for a claim that a vulnerability was fixed in version 13.2.2 of the plugin:
Yesterday, the WordPress plugin Shapely Companion was closed on the WordPress Plugin Directory. Because that is one of the 1,000 most popular plugins in that directory (it has 40,000+ installs), our systems warned us about the closure and we started checking over the plugin to see if there was a vulnerability we should warn customers of our services about. What we found was that it at least contains a minor vulnerability.
The plugin registers the function shapely_companion_import_content() to be accessible through WordPress’ AJAX functionality by anyone logged in to WordPress:
Yesterday a new version of the WordPress plugin Smush, which has 1+ million active installs according to wordpress.org, was released with a changelog entry indicating that a security fix was being made:
Fix: XSS vulnerability