12 Sep 2019

Vulnerability Details: Reflected Cross-Site Scripting (XSS) in Slimstat Analytics

One of the changelog entries for a recent version of Slimstat Analytics is “[Fix] License keys for premium add-ons were not being saved as expected, due to a side effect of the new security features we implemented in the Settings.” When we went to see if a previous version had introduced a security fix, we found, somewhat confusingly, that the new version was introducing a security fix.

12 Sep 2019

Vulnerability Details: Reflected Cross-Site Scripting (XSS) in SagePay Server Gateway for WooCommerce

The changelog for the latest version of the plugin SagePay Server Gateway for WooCommerce is “Updated the plugin to security vulnerability and make it more secure.” Looking at the changes made in that version, we found that at least a reflected cross-site scripting (XSS) vulnerability was fixed in that version.

27 Aug 2019

Our Plugin Security Caught the Reflected XSS Vulnerability Missed in Easy Registration Forms

The changelog for the latest version of Easy Registration Forms is “Security improvement.” When we looked at the changes made in that version to see if there was a vulnerability we should be adding to the data set for our service, what we saw was that the insecure code being changed should have been flagged by our Plugin Security Checker, an automated tool that can identify some possible issues in WordPress plugins, if someone had run the plugin through it. In comparing the results of the tool for the previous version of the plugin against the changes made, we found that only two of the three instances it flagged had been fixed. One possible explanation is that the developer was inadvertently fixing a vulnerability while making an unrelated security improvement.

With the developer mode of the Plugin Security Checker enabled, this line of code is still flagged by the tool in the new version of the plugin:

21 Aug 2019

Vulnerability Details: Reflected Cross-Site Scripting (XSS) in Grid Kit

One of the changelog entries for the latest version of Grid Kit is “Security & performance improvements”. Looking at the changes made in that version, we saw that various user input was now validated or sanitized. The previous lack of that led to at least a reflected cross-site scripting (XSS) vulnerability.

20 Aug 2019

Our Plugin Security Checker Now Warns About Outdated/Insecure Usage of Redux Framework

We are currently working on a security review of a fairly popular WordPress plugin that we were hired by the developer to do. While working on that we have found a number of issues with the Redux Framework, which is a third-party library for handling the settings of WordPress plugins. We also noticed that it would be easy enough to add a check to our Plugin Security Checker to see if outdated versions of it are included in plugins run through that tool, since, unlike a lot of third-party libraries, it includes a version number. While it might make sense to warn about usage of an outdated version, an outdated version is not necessarily insecure. In looking over its changelog we noticed that the entry for version 3.5.8.7 is:

Fixed: Reflective XSS security fix. Thanks to Kacper Szurek for the information.

13 Aug 2019

Reflected Cross-Site Scripting (XSS) Vulnerability in Import Social Events

One of the changelog entries for the latest version of Import Social Events is “IMPROVEMENT: Some Security Improvements.” Looking at the changes made, we saw that sanitization was being added in a number of locations. The first instances of that didn’t have any security impact, though, so we ran the previous version of the plugin through our Plugin Security Checker tool to see if it flagged any possible issues. That flagged the code below as possibly being vulnerable, which we then confirmed. Looking at the changes made, that wasn’t fixed.

We also noticed that similar code on the line after the vulnerable code could also lead to a vulnerability and wasn’t flagged by the tool. We made an improvement to the tool that will now catch that in the future.

7 Aug 2019

Vulnerability Details: Reflected Cross-Site Scripting (XSS) in Photo Gallery Portfolio

The changelog for the latest version of the plugin Photo Gallery Portfolio is “fix security issues”. Looking at the changes made there, we found that a reflected cross-site scripting (XSS) vulnerability looks to have been fixed. The plugin was closed on the Plugin Directory on July 8, though possibly for a different reason.

2 Aug 2019

Vulnerability Details: Reflected Cross-Site Scripting (XSS) in WP Photo Album Plus

One of the changelog entries for the latest version of WP Photo Album Plus is “This version addresses various security issues.” That fixes at least one vulnerability, a reflected cross-site scripting (XSS) vulnerability that would have been flagged by our Plugin Security Checker. As of writing this, it will still flag it, since the new version has not been set as the current version of the plugin. The new version can be downloaded from the Advanced View page on the Plugin Directory.

30 Jul 2019

Reflected Cross-Site Scripting (XSS) Vulnerability in WooCommerce Variation Swatches (Variation Swatches for WooCommerce)

The plugin WooCommerce Variation Swatches (Variation Swatches for WooCommerce) was closed on the WordPress Plugin Directory yesterday. That is one of the 1,000 most popular plugins, with 60,000+ installs, so we were alerted to its closure. While we were looking into the plugin to see if there were any vulnerabilities we should be warning users of the plugin that also use our service about, we found that it contains a reflected cross-site scripting (XSS) vulnerability.

The plugin’s admin page is made accessible to WordPress users with the “edit_theme_options” capability: