1 Aug 2017

What Happened With WordPress Plugin Vulnerabilities in July 2017

If you want the best information on, and therefore the best protection against, vulnerabilities in WordPress plugins, we provide that through our service.

Here is what we did to keep those already using our service secure from WordPress plugin vulnerabilities during July (and what you have been missing out on if you haven’t signed up yet): [Read more]

31 Jul 2017

PHP Object Injection Vulnerability in Product Reviews

We recently started proactively monitoring for evidence of some high-risk vulnerabilities in WordPress plugins when changes are made to the plugins. One of the types of vulnerabilities we are looking for is PHP object injection, since those vulnerabilities are likely to be exploited if hackers become aware of them (unlike other types of vulnerabilities whose impact security companies are known to overstate). Through that we came across a PHP object injection vulnerability in the plugin Product Reviews.

The plugin’s function EWD_URP_Update_Karama() is made available through WordPress’ AJAX functionality both to those logged in to WordPress and to those not logged in (in the file /Functions/Process_Ajax.php): [Read more]