18 Apr

Vulnerability Details: Reflected Cross-Site Scripting (XSS) in WordPress Download Manager

This Vulnerability Details post about a vulnerability in the plugin WordPress Download Manager provides the details of a vulnerability we ran across while collecting data on vulnerabilities discovered by others for our data set on vulnerabilities in WordPress plugins, so its contents are limited to customers of our service. If you are not currently a customer, you can sign up for free here. There are a lot of other reasons that you will want to sign up beyond access to posts like this one, including that you would have already been warned about this vulnerability if your website was vulnerable due to it.

07 Mar

Vulnerability Details: Reflected Cross-Site Scripting (XSS) in Blogger To WordPress

This Vulnerability Details post about a vulnerability in the plugin Blogger To WordPress provides the details of a vulnerability we ran across while collecting data on vulnerabilities discovered by others for our data set on vulnerabilities in WordPress plugins, so its contents are limited to customers of our service. If you are not currently a customer, you can sign up for free here. There are a lot of other reasons that you will want to sign up beyond access to posts like this one, including that you would have already been warned about this vulnerability if your website was vulnerable due to it.

22 Feb

Vulnerability Details: Reflected Cross-Site Scripting (XSS) in Easy Testimonial Slider

This Vulnerability Details post about a vulnerability in the plugin Easy Testimonial Slider provides the details of a vulnerability we ran across while collecting data on vulnerabilities discovered by others for our data set on vulnerabilities in WordPress plugins, so its contents are limited to customers of our service. If you are not currently a customer, you can sign up for free here. There are a lot of other reasons that you will want to sign up beyond access to posts like this one, including that you would have already been warned about this vulnerability if your website was vulnerable due to it.

11 Feb

Vulnerability Details: Reflected Cross-Site Scripting (XSS) in NextScripts: Social Networks Auto-Poster

This Vulnerability Details post about a vulnerability in the plugin NextScripts: Social Networks Auto-Poster provides the details of a vulnerability we ran across while collecting data on vulnerabilities discovered by others for our data set on vulnerabilities in WordPress plugins, so its contents are limited to customers of our service. If you are not currently a customer, you can sign up for free here. There are a lot of other reasons that you will want to sign up beyond access to posts like this one, including that you would have already been warned about this vulnerability if your website was vulnerable due to it.

04 Feb

Vulnerability Details: Reflected XSS in WP Support Plus Responsive Ticket System

This Vulnerability Details post about a vulnerability in the plugin WP Support Plus Responsive Ticket System provides the details of a vulnerability we ran across while collecting data on vulnerabilities discovered by others for our data set on vulnerabilities in WordPress plugins, so its contents are limited to customers of our service. If you are not currently a customer, you can sign up for free here. There are a lot of other reasons that you will want to sign up beyond access to posts like this one, including that you would have already been warned about this vulnerability if your website was vulnerable due to it.

28 Jan

Full Disclosure of Reflected Cross-Site Scripting (XSS) Vulnerability in WordPress Plugin with 100,000+ Installs

As part of our work to further improve our Plugin Security Checker, an automated tool anyone can use to check to see if a WordPress plugin possibly contains security issues, we log the results of checks for plugins in the Plugin Directory and do spot checks of those. Through that we found that the plugin Download Manager, which has 100,000+ active installations according to wordpress.org, contains a reflected cross-site scripting (XSS) vulnerability.

25 Jan

Reflected Cross-Site Scripting (XSS) Vulnerability in Smart Forms

Earlier today we detailed a failed attempt to fix a reflected cross-site scripting (XSS) vulnerability in the latest version of Smart Forms. When putting together a post detailing a vulnerability discovered by others, we check to see if that vulnerability is something that would have been caught by our Plugin Security Checker, an automated tool anyone can use to check to see if a WordPress plugin possibly contains security issues, so that we can continue to improve that tool. With this plugin we found that the code targeted by the attempted fix was flagged by the tool, and that an additional line of code that wasn’t changed in the latest version of the plugin was also flagged. Further checking confirmed that the additional line was also vulnerable.

25 Jan

Vulnerability Details: Reflected Cross-Site Scripting (XSS) in Smart Forms

This Vulnerability Details post about a vulnerability in the plugin Smart Forms provides the details of a vulnerability we ran across while collecting data on vulnerabilities discovered by others for our data set on vulnerabilities in WordPress plugins, so its contents are limited to customers of our service. If you are not currently a customer, you can sign up for free here. There are a lot of other reasons that you will want to sign up beyond access to posts like this one, including that you would have already been warned about this vulnerability if your website was vulnerable due to it.

16 Jan

Vulnerability Details: Reflected Cross-Site Scripting (XSS) in spam-byebye

This Vulnerability Details post about a vulnerability in the plugin spam-byebye provides the details of a vulnerability we ran across while collecting data on vulnerabilities discovered by others for our data set on vulnerabilities in WordPress plugins, so its contents are limited to customers of our service. If you are not currently a customer, you can sign up for free here. There are a lot of other reasons that you will want to sign up beyond access to posts like this one, including that you would have already been warned about this vulnerability if your website was vulnerable due to it.
