10 Oct 2018

Reflected Cross-Site Scripting (XSS) Vulnerability in Testimonial Slider

In a post earlier today we mentioned running across mention of the plugin Testimonial Slider being removed from the Plugin Directory and the cause of that. While doing a bit of checking over the plugin we found another minor vulnerability (and there certainly could be more, as the code we looked at isn’t securely written); we just happened across this one while looking for something else.

On line 267 of the file /slider_versions/testimonial_1.php the value of the variable $active_tab is output without being escaped: [Read more]

3 Oct 2018

New Check in Our Plugin Security Checker Already Spotted Vulnerability in WordPress Plugin with 100,000+ Active Installs

About a month ago we mentioned that the WordPress Support Forum moderators’ deletion of discussions of security issues can be unhelpful, in the context of us seeing mention of a vulnerability in a thread that was quickly deleted, realizing there was another related vulnerability, and then adding a check for that other vulnerability to our Plugin Security Checker, which provides a limited but expanding capability to check for possible security issues in plugins. Just days later that new check flagged a possible issue in a plugin with 100,000+ active installs that was being run through it, and a quick check confirmed that it was an exploitable vulnerability (though far from a serious issue for the average website). That the vulnerability was found in Ultimate Member wasn’t all that surprising, considering that the Plugin Security Checker had previously identified another vulnerability of the same type in the plugin a couple of months ago.

Here are the details of the possible reflected cross-site scripting (XSS) vulnerability that was identified, which are available to users of our service through the Plugin Security Checker’s Developer Mode: [Read more]

28 Sep 2018

Full Disclosure of Reflected Cross-Site Scripting (XSS) Vulnerability in Plugin with 30,000+ Active Installs

To close out our first week of fully disclosing vulnerabilities in WordPress plugins until the people on the WordPress side of things finally clean up the moderation of their Support Forum, we return to something from the first day and a reminder of an example of why the Support Forum moderators’ behavior is harmful to actually improving security. We and others often find additional vulnerabilities based on seeing reports of other vulnerabilities (and with our Plugin Security Checker tool we help find even more), so the moderators’ deletion of reports of them on the Support Forum has a negative impact on improving security. Of course there is the other side of having the details of these vulnerabilities public, especially if they haven’t been fixed, but the best solution is to get them fixed. Once something has been disclosed it would be foolish to assume that people with bad intentions haven’t seen it, but the people on the WordPress side of things don’t seem to have a great grasp of how the Internet works. Thus the most important thing is to make sure the vulnerability is fixed, but what seems to usually happen is that the moderators simply delete the reports and then don’t actually bother to notify anyone that could do anything about fixing the vulnerability. That was the case with the first plugin we fully disclosed.

On Tuesday we discussed how Janek Vind’s report on a reflected cross-site scripting (XSS) vulnerability in FV Flowplayer Video Player led us to check the 1,000 most popular plugins to get an idea of whether there might be similar issues in other plugins, while considering adding a check for some instances of them to our Plugin Security Checker. Through that we found just such a vulnerability in a plugin with 700,000+ active installations according to wordpress.org. We also added a check that would catch that to our Plugin Security Checker. [Read more]

25 Sep 2018

Full Disclosure of Vulnerability in WordPress Plugin with 700,000+ Active Installations

Earlier today we announced we are changing how we handle the disclosure of vulnerabilities in WordPress plugins. Until the inappropriate behavior by the moderators of the WordPress Support Forum ends we are going to be doing full disclosure, that is, just disclosing the vulnerabilities and after that only notifying the developer of the plugin through the Support Forum. We hope that this will be the thing that finally causes the current moderators and/or other people in charge of WordPress to understand that they need to clean up the moderation, because it is causing many more problems than these full disclosures will.

We thought it would be a good idea to start these full disclosures off with a bang by disclosing a vulnerability in a very popular plugin, one with 700,000+ active installations according to wordpress.org. The type of vulnerability being disclosed though has almost no chance of being exploited on the average website, unless you were to believe the misinformation put out by other security companies. [Read more]

24 Sep 2018

Our Plugin Security Checker Identified a Reflected XSS Vulnerability in Quiz And Survey Master

Recently the plugin Quiz And Survey Master, which has 20,000+ active installs according to wordpress.org, was run through our Plugin Security Checker tool, and as part of our continued focus on improving the results produced by the tool we happened to take a look at some of the possible issues identified in it. One of those possible issues was a reflected cross-site scripting (XSS) vulnerability in the plugin due to user input being directly output without any escaping.

Looking at the underlying code for the identified issue, which is available to users of our service through the tool’s Developer Mode, it certainly looked like the identification was correct and that there was likely a vulnerability due to user input being output without being escaped: [Read more]

24 Sep 2018

Vulnerability Details: Reflected Cross-Site Scripting (XSS) Vulnerability in WP Sudoku Plus

From time to time a vulnerability is fixed in a plugin without the discoverer putting out a report on the vulnerability, and we will put out a post detailing the vulnerability so that we can provide our customers with more complete information on the vulnerability. [Read more]

5 Sep 2018

Reflected Cross-Site Scripting (XSS) Vulnerability in File Manager

One of the problems we have found with the WordPress Support Forum is that there is unproductive and inconsistent deletion of claims about the security of plugins. In an instance from just a couple of days ago a thread was deleted which mentioned an unfixed vulnerability in the plugin File Manager. Deleting that doesn’t make much sense to us, since it would be easy for someone with bad intentions to do the same monitoring that we do and have spotted that thread before it was deleted, while deleting it makes it harder for those with good intentions to find out about it. For us, seeing it not only led to us noticing a related vulnerability in the same code, but it also led to a new check for our Plugin Security Checker to make it easier for issues similar to the one we noticed to be caught and fixed going forward, leading to better security for WordPress plugins, which unfortunately the moderators of the WordPress Support Forum don’t seem to be all that interested in, based on the actions they take and their shutting down any conversation about whether those actions are productive.

The additional vulnerability we noticed is a reflected cross-site scripting (XSS) vulnerability, which could possibly allow an attacker to run arbitrary malicious JavaScript code. This type of vulnerability isn’t a big threat since it requires getting someone else to take an action, which we don’t see hackers really interested in when it comes to untargeted attacks, and web browsers other than Firefox include filtering to restrict the ability for this type of vulnerability to be exploited. [Read more]

10 Aug 2018

Our Plugin Security Checker Identified Another Reflected XSS Vulnerability in WordPress Plugin with 100,000+ Active Installs

In a reminder of the rather poor state of security of WordPress plugins and of how our Plugin Security Checker tool (which is accessible through a WordPress plugin of its own) can help you get a better idea of whether they are in need of additional security scrutiny, recently the plugin Ultimate Member, which has 100,000+ active installs according to wordpress.org, was run through the tool and it identified a possible reflected cross-site scripting (XSS) vulnerability in the plugin.

Looking at the details of the issue identified, which are available to users of our service through the tool’s Developer Mode, it certainly looked like there was that type of vulnerability as user input was being output without being escaped: [Read more]