11 Feb

Vulnerability Details: Reflected Cross-Site Scripting (XSS) in NextScripts: Social Networks Auto-Poster

This Vulnerability Details post about a vulnerability in the plugin NextScripts: Social Networks Auto-Poster provides the details of a vulnerability we didn’t discover and access to it is limited to customers of our service, unlike the posts on vulnerabilities we have discovered, which are freely available and give you an idea of what information is [Read more]

04 Feb

Vulnerability Details: Reflected XSS in WP Support Plus Responsive Ticket System

This Vulnerability Details post about a vulnerability in the plugin WP Support Plus Responsive Ticket System provides the details of a vulnerability we didn’t discover and access to it is limited to customers of our service, unlike the posts on vulnerabilities we have discovered, which are freely available and give you an idea of what [Read more]

28 Jan

Full Disclosure of Reflected Cross-Site Scripting (XSS) Vulnerability in WordPress Plugin with 100,000+ Installs

As part of our work to further improve our Plugin Security Checker, an automated tool anyone can use to check to see if a WordPress plugin possibly contains security issues, we log the results of checks for plugins in the Plugin Directory and do spot checks of those. Through that we found that the plugin, Download Manager, [Read more]

25 Jan

Reflected Cross-Site Scripting (XSS) Vulnerability in Smart Forms

Earlier today we detailed a failed attempt to fix a reflected cross-site scripting (XSS) vulnerability in the latest version of Smart Forms. When putting together a post detailing a vulnerability discovered by others, we check to see if that vulnerability is something that would have been caught by our Plugin Security Checker, an automated tool anyone can [Read more]

25 Jan

Vulnerability Details: Reflected Cross-Site Scripting (XSS) in Smart Forms

This Vulnerability Details post about a vulnerability in the plugin Smart Forms provides the details of a vulnerability we didn’t discover and access to it is limited to customers of our service, unlike the posts on vulnerabilities we have discovered, which are freely available and give you an idea of what information is provided in [Read more]

16 Jan

Vulnerability Details: Reflected Cross-Site Scripting (XSS) in spam-byebye

Our Vulnerability Details posts provide the details of a vulnerability we didn’t discover and access to them is limited to customers of our service, unlike the posts on vulnerabilities we have discovered, which are freely available and give you an idea of what information is provided in the details posts as well. For existing customers, please [Read more]

07 Jan

Our Plugin Security Checker Could Have Warned You About the Possibility of Vulnerabilities in a Couple of WordPress Plugins with 80,000 Installs

On Friday we noted in our post detailing a reflected cross-site scripting (XSS) vulnerability in the WordPress plugin Ninja Forms, which has 1+ million active installations according to wordpress.org, that our Plugin Security Checker, which is a tool that allows anyone to see if there are possible security issues in WordPress plugins that could use further [Read more]

04 Jan

Vulnerability Details: Reflected Cross-Site Scripting (XSS) in Ninja Forms

This Vulnerability Details post about a vulnerability in the plugin Ninja Forms provides the details of a vulnerability we didn’t discover and access to it is limited to customers of our service, unlike the posts on vulnerabilities we have discovered, which are freely available and give you an idea of what information is provided in [Read more]

14 Dec

Vulnerability Details: Reflected Cross-Site Scripting (XSS) in WooCommerce PDF Invoices, Packing Slips, Delivery Notes & Shipping Labels

This Vulnerability Details post about a vulnerability in the plugin WooCommerce PDF Invoices Packing Slips Delivery Notes & Shipping Labels provides the details of a vulnerability we didn’t discover and access to it is limited to customers of our service, unlike the posts on vulnerabilities we have discovered, which are freely available and give you [Read more]

26 Nov

Vulnerability Details: Reflected Cross-Site Scripting (XSS) in YOP Poll

This Vulnerability Details post about a vulnerability in the plugin YOP Poll provides the details of a vulnerability we didn’t discover and access to it is limited to customers of our service, unlike the posts on vulnerabilities we have discovered, which are freely available and give you an idea of what information is provided in [Read more]