20 May

What Security Review? Another Brand New WordPress Plugin Contains Widely Exploited Freemius Library Vulnerability

A little less than a month ago we mentioned how a brand new WordPress plugin contained an authenticated option update vulnerability due to usage of an outdated version of the third-party Freemius library. That vulnerability has been widely exploited. Brand new WordPress plugins are supposed to go through a security review before being allowed in the Plugin Directory. So either those reviews are not happening or they are failing to catch things that should have been caught. We spotted that earlier case through our proactive monitoring of changes made to plugins in the Plugin Directory to try to catch serious vulnerabilities, and that monitoring has again identified the same thing happening, with the new plugin this time being WP Dev Powers: ACF Color Coded Field Types.


09 May

Our Proactive Monitoring Caught a Remote Code Execution (RCE) Vulnerability in Kanzu Support Desk

One of the ways we help to improve the security of WordPress plugins, not just for our customers, but for everyone using them, is our proactive monitoring of changes made to plugins in the Plugin Directory to try to catch serious vulnerabilities. Through that we caught a remote code execution (RCE) vulnerability in the plugin Kanzu Support Desk.


06 May

Our Proactive Monitoring Caught an Authenticated Remote Code Execution (RCE) Vulnerability in the New Plugin Master Popups Lite

In yet another of far too many instances of this happening, our proactive monitoring of changes made to WordPress plugins in the Plugin Directory to try to catch serious vulnerabilities has caught a brand new plugin being introduced with a vulnerability that seems like it should have been caught through the security review that is supposed to happen before new plugins are allowed in the Plugin Directory. This time it is an authenticated remote code execution (RCE) vulnerability in the plugin Master Popups Lite.


29 Apr

Our Proactive Monitoring Caught an Authenticated Arbitrary File Upload Vulnerability in PollDeep

One of the ways we help to improve the security of WordPress plugins, not just for our customers, but for everyone using them, is the proactive monitoring of changes made to plugins in the Plugin Directory to try to catch serious vulnerabilities. Through that we caught an authenticated arbitrary file upload vulnerability in the plugin PollDeep.


25 Apr

What Security Review? Brand New WordPress Plugin Contains Widely Exploited Freemius Library Vulnerability

Brand new WordPress plugins are supposed to go through a security review before being allowed in the Plugin Directory. Either those reviews are not happening or they are failing to catch things that should have been caught. Take the plugin WP Buddha Free Adwords Plugin (Free Adwords Campaigner), which we came across due to our proactive monitoring of changes made to plugins in the Plugin Directory to try to catch serious vulnerabilities flagging that it contained an authenticated option update vulnerability that was in an older version of the Freemius library, which has been widely exploited.


23 Apr

Our Proactive Monitoring Caught an Arbitrary File Upload Vulnerability in WooCommerce Checkout Manager

An arbitrary file upload vulnerability in the plugin WooCommerce Checkout Manager, caught by our proactive monitoring of changes made to plugins in the Plugin Directory to try to catch serious vulnerabilities, provides a good reminder that things are not always as they visibly seem with plugins.


22 Apr

Our Proactive Monitoring Caught an Arbitrary File Upload Vulnerability Returning to Zielke Specialized Catalog

On April 10 we detailed for our customers an arbitrary file upload vulnerability that had been in the plugin Zielke Specialized Catalog and some of the odd circumstances surrounding that. A week later a new version of the plugin was released that restores the vulnerability, which we noticed through our proactive monitoring of changes made to plugins in the Plugin Directory to try to catch serious vulnerabilities, and again it isn’t clear exactly what was going on there.


18 Apr

It Seems Like the Security Review of New WordPress Plugins Should Have Caught This CSRF/XSS Vulnerability in LeaderBoard LITE

As part of our proactive monitoring of changes made to plugins in the Plugin Directory to try to catch serious vulnerabilities, we manually look at a lot of code that doesn’t end up containing the vulnerability the automated portion of that monitoring flagged as possibly existing, but sometimes, as is the case with LeaderBoard LITE (LeaderBoard Plugin), we find another vulnerability in the same block of code where the possible vulnerability was flagged. That is a brand new plugin that was supposed to go through a security review before being allowed in the Plugin Directory. The situation could actually be worse, if not for some of the insecure code in the plugin being broken.


15 Apr

Our Proactive Monitoring Caught an Authenticated Arbitrary File Viewing Vulnerability Being Introduced into Apply Online

One of the ways we help to improve the security of WordPress plugins, not just for our customers, but for everyone using them, is the proactive monitoring of changes made to plugins in the Plugin Directory to try to catch serious vulnerabilities. Through that we caught an authenticated arbitrary file viewing vulnerability being introduced into the plugin Apply Online.


10 Apr

Vulnerability Details: Arbitrary File Upload in Zielke Specialized Catalog

This post provides the details of a vulnerability in the WordPress plugin Zielke Specialized Catalog not discovered by us, where the discoverer hadn’t provided the details needed for us to confirm the vulnerability while we were adding it to the data set for our service, so its contents are limited to subscribers of our service. If you are not currently a subscriber, you can try out the service for free and then you can view the contents of the post. There are a lot of other reasons that you will want to sign up beyond access to posts like this one, including that you would have already been warned about this vulnerability if your website was vulnerable due to it.
