26 Nov

Vulnerability Details: Reflected Cross-Site Scripting (XSS) in YOP Poll

This Vulnerability Details post about a vulnerability in the plugin YOP Poll provides the details of a vulnerability we didn’t discover, and access to it is limited to customers of our service, unlike the posts on vulnerabilities we have discovered, which are freely available. For existing customers, please log in to your account to view the [Read more]

14 Nov

Vulnerability Details: Reflected XSS in Ninja Forms

This Vulnerability Details post about a vulnerability in the plugin Ninja Forms provides the details of a vulnerability we didn’t discover, and access to it is limited to customers of our service, unlike the posts on vulnerabilities we have discovered, which are freely available. For existing customers, please log in to your account to view the [Read more]

12 Nov

Vulnerability Details: Reflected XSS Vulnerability in PeepSo

This Vulnerability Details post about a vulnerability in the plugin PeepSo provides the details of a vulnerability we didn’t discover, and access to it is limited to customers of our service, unlike the posts on vulnerabilities we have discovered, which are freely available. For existing customers, please log in to your account to view the rest [Read more]

05 Nov

Full Disclosure of Reflected XSS Vulnerability in WordPress Plugin with 100,000+ Installs

One of the ways that we continue to improve the quality of our automated tool for detecting possible security issues in WordPress plugins, the Plugin Security Checker, is by checking whether vulnerabilities we are adding to our data set that should be detectable by it are in fact detected. That led to us running the [Read more]

05 Nov

Vulnerability Details: Reflected Cross-Site Scripting (XSS) Vulnerability in NextScripts: Social Networks Auto-Poster

This Vulnerability Details post about a vulnerability in the plugin NextScripts: Social Networks Auto-Poster provides the details of a vulnerability we didn’t discover, and access to it is limited to customers of our service, unlike the posts on vulnerabilities we have discovered, which are freely available. For existing customers, please log in to your account to [Read more]

02 Nov

Vulnerability Details: Reflected XSS, CSRF/XSS, and Persistent XSS Vulnerabilities in Calendar Event Multi View

This Vulnerability Details post about a vulnerability in the plugin Calendar Event Multi View provides the details of a vulnerability we didn’t discover, and access to it is limited to customers of our service, unlike the posts on vulnerabilities we have discovered, which are freely available. For existing customers, please log in to your account to [Read more]

02 Nov

Vulnerability Details: Reflected XSS Vulnerability in WP Live Chat Support

This Vulnerability Details post about a vulnerability in the plugin WP Live Chat Support provides the details of a vulnerability we didn’t discover, and access to it is limited to customers of our service, unlike the posts on vulnerabilities we have discovered, which are freely available. For existing customers, please log in to your account to [Read more]

16 Oct

Full Disclosure of Reflected Cross-Site Scripting (XSS) Vulnerability in WooCommerce Order Export and More

The other day, while looking for information on a vulnerability possibly related to a plugin that exports order information from WooCommerce, we ran across a report of an unrelated possible vulnerability in the plugin WooCommerce Order Export and More from php-grindr. That report pointed to the value of the GET or POST input “tab” being set to [Read more]

12 Oct

Vulnerability Details: Cross-Site Request Forgery (CSRF)/Cross-Site Scripting (XSS) Vulnerability in Category Order

Our Vulnerability Details posts provide the details of a vulnerability we didn’t discover, and access to them is limited to customers of our service, unlike the posts on vulnerabilities we have discovered, which are freely available. For existing customers, please log in to your account to view the rest of the post. If you are not currently [Read more]