11 Nov 2022

Cross-Site Request Forgery (CSRF)/Plugin Deactivation Vulnerability in 10Web Booster

One way we help to improve the security of WordPress plugins, not just for customers of our service, but for everyone using them, is our proactive monitoring of changes made to plugins in the Plugin Directory to try to catch serious vulnerabilities. Through that, we caught a less serious variant of one of those vulnerabilities, a cross-site request forgery (CSRF)/plugin deactivation vulnerability in 10Web Booster.

We now are also running all the plugins used by our customers through that on a weekly basis to provide additional protection for them. [Read more]

5 Oct 2022

Our Proactive Monitoring Caught an Arbitrary File Upload Vulnerability in Create Block Theme

One way we help to improve the security of WordPress plugins, not just for customers of our service, but for everyone using them, is our proactive monitoring of changes made to plugins in the Plugin Directory to try to catch serious vulnerabilities. Through that, we caught one of those vulnerabilities, an arbitrary file upload vulnerability being added to the plugin Create Block Theme.

We now are also running all the plugins used by our customers through that on a weekly basis to provide additional protection for them. [Read more]

27 May 2022

Our Proactive Monitoring Caught a CSRF/PHP Object Injection Vulnerability in 1+ Million Install WordPress Plugin Ninja Forms

One way we help to improve the security of WordPress plugins, not just for customers of our service, but for everyone using them, is our proactive monitoring of changes made to plugins in the Plugin Directory to try to catch serious vulnerabilities. Late last year we expanded on that for our customers, by running plugins used by our customers, even when code in them is not updated, through the same system on a weekly basis. We just made a significant improvement to the automated portion of that monitoring. Through that, we caught a less serious variant of one of those vulnerabilities, a cross-site request forgery (CSRF)/PHP object injection vulnerability in Ninja Forms. That plugin, besides being used by at least one of our customers, is used on 1+ million websites according to wordpress.org’s stats.

That Ninja Forms has yet another vulnerability isn’t surprising considering the developer’s security track record, which includes disclosing a fairly serious unfixed vulnerability last year (doing that alongside Wordfence) and still not having addressed an incorrect security fix, which we notified them about in January. [Read more]

15 Apr 2022

Brand New WordPress File Manager Plugin Allows Anyone to View and Upload Arbitrary Files

Before new plugins are allowed into WordPress’ plugin directory, they are claimed to go through a manual review:

After your plugin is manually reviewed, it will either be approved or you will be emailed and asked to provide more information and/or make corrections. [Read more]

5 Apr 2022

Vulnerability Details: CSRF/Local File Inclusion (LFI) in Herd Effects and Hover Effects

One way we help to improve the security of WordPress plugins, not just for customers of our service, but for everyone using them, is our proactive monitoring of changes made to plugins in the Plugin Directory to try to catch serious vulnerabilities. Through that, we caught a variant of those vulnerabilities, a cross-site request forgery (CSRF)/local file inclusion (LFI), being fixed in the plugin Hover Effects. The same issue was also fixed in another plugin by the same developer, Herd Effects. We didn’t catch the latter being addressed, but we have now updated our tools to catch that instance of this as well. [Read more]

30 Mar 2022

Our Proactive Monitoring Caught an Authenticated PHP Object Injection Vulnerability in a WordPress Plugin With 70,000+ Installs

One way we help to improve the security of WordPress plugins, not just for customers of our service, but for everyone using them, is our proactive monitoring of changes made to plugins in the Plugin Directory to try to catch serious vulnerabilities. Through that, we caught a variant of those vulnerabilities, an authenticated PHP object injection vulnerability in the plugin Blog2Social, which has 70,000+ active installs according to wordpress.org.

We now are also running all the plugins used by customers through that on a weekly basis to provide additional protection for our customers. [Read more]

29 Mar 2022

Despite “Manual Security Review”, Brand New WordPress Plugin Contains Multiple Vulnerabilities

Before new plugins are allowed into WordPress’ plugin directory, they are claimed to go through a manual review:

After your plugin is manually reviewed, it will either be approved or you will be emailed and asked to provide more information and/or make corrections. [Read more]

22 Mar 2022

Two WordPress Plugins With 60,000+ Installs Contain Authenticated Option Update Vulnerability

One way we help to improve the security of WordPress plugins, not just for customers of our service, but for everyone using them, is our proactive monitoring of changes made to plugins in the Plugin Directory to try to catch serious vulnerabilities. Through that, we caught a variant of those vulnerabilities, an authenticated option update vulnerability in the plugins Stop Generating Unnecessary Thumbnails, which has 40,000+ installs, and CoDesigner, which has 20,000+ installs. Those plugins are from the same developer, so other plugins from them might be affected as well. This is also the second time our proactive monitoring has identified fairly serious vulnerabilities in these plugins (the previous instances involved separate vulnerabilities).

We now are also running all the plugins used by customers through that on a weekly basis to provide additional protection for our customers. [Read more]

9 Mar 2022

Our Proactive Monitoring Caught an Authenticated PHP Object Injection Vulnerability Being Introduced in to a WordPress Plugin

One way we help to improve the security of WordPress plugins, not just for customers of our service, but for everyone using them, is our proactive monitoring of changes made to plugins in the Plugin Directory to try to catch serious vulnerabilities. Through that, we caught a variant of those vulnerabilities, an authenticated PHP object injection vulnerability being introduced into the plugin Contact.

We now are also running all the plugins used by customers through that on a weekly basis to provide additional protection for our customers. [Read more]

28 Feb 2022

Update to WordPress Plugin Mistape Appears to Add Malicious Backdoor

One way we help to improve the security of WordPress plugins, not just for customers of our service, but for everyone using them, is our proactive monitoring of changes made to plugins in the Plugin Directory to try to catch serious vulnerabilities. Through that, we caught what looks to be an even more serious issue, what appears to be a malicious backdoor being added to the plugin Mistape, which has 3,000+ installs.

We now are also running all the plugins used by customers through that on a weekly basis to provide additional protection for our customers. [Read more]