1 Jul 2019

Reflected Cross-Site Scripting (XSS) Vulnerability in Newsletters

While looking into a vulnerability in a WordPress plugin closed on the Plugin Directory on Friday, so that we could warn the customers of our service about it, we noticed an indication that there might have been the same type of vulnerability in the plugin Newsletters as well, and then found that it had also been closed on the same day. A search over the plugin’s code and a bit of testing confirmed that it contains a reflected cross-site scripting (XSS) vulnerability. We don’t know if that led to the closure.

The plugin registers the function ajax_load_new_editor() to be accessible through WordPress’ AJAX functionality to those logged in to WordPress: [Read more]

26 Jun 2019

What Would Hackers Be Interested in the WordPress Plugin Limb Gallery For?

It looks like a hacker has recently been probing for the WordPress plugin Limb Gallery by requesting the file /wp-content/plugins/limb-gallery/js/angular-touch.min.js. In reviewing the plugin we so far haven’t found an obvious vulnerability that hackers might be interested in exploiting. That may be due to a lot of code being bunched together instead of being clearly separated out. Our Plugin Security Checker did identify the possibility of a less serious vulnerability, which we confirmed, so we can warn any customers of our service that are using the plugin of that vulnerability and let them know there may be a more serious issue.

The plugin runs all of its AJAX functionality through one function, grsGalleryAjax(), instead of separating it out, and makes the function available to those logged in as well as those not logged in: [Read more]

25 Jun 2019

Other Vulnerability Data Sources Miss That a Reflected XSS Vulnerability in Custom 404 Pro Hasn’t Been Fixed

Being warned about vulnerabilities in WordPress plugins you use isn’t much good if you are being told that vulnerabilities have been fixed when they haven’t. That is often a problem with data sources on vulnerabilities in WordPress plugins other than the one that underlies our service.

Yesterday an update to the plugin Custom 404 Pro had the changelog entry “Fix Reflected XSS”. In looking to see if the discoverer of that had put out a report, we found multiple places reporting that a vulnerability had been fixed. [Read more]

24 Jun 2019

Vulnerability Details: Reflected Cross-Site Scripting (XSS) in CP Contact Form with PayPal

The changelog for the latest version of CP Contact Form with PayPal is “Fixed XSS vulnerability in CSS edition”. Looking at the changes made, we found that a reflected cross-site scripting (XSS) vulnerability had been fixed. In not a great sign of the developers’ concern for security, this exact same vulnerability existed in another of their plugins, which they were notified of in October, but they didn’t fix it in this plugin at the time. We found that the plugin still contains another instance of the same type of vulnerability.


[Read more]

24 Jun 2019

Reflected Cross-Site Scripting (XSS) Vulnerability in CP Contact Form with PayPal

Back in March of 2016 we warned of the WordPress plugin developer CodePeople, which currently has 27 plugins in the Plugin Directory, due to repeated security issues in their plugins. Over three years later things don’t look to have changed. The changelog for the latest version of the plugin CP Contact Form with PayPal is “Fixed XSS vulnerability in CSS edition”. In looking into that to see if there was a vulnerability we should be notifying customers of our service that were using that plugin about, we found that there is still a related vulnerability in the current version of the plugin, which should have been caught if they had checked over the code in the plugin for similar issues. The vulnerability that was fixed is identical to one that they were notified was in another of their plugins in October.

The plugin registers its main admin page to be accessible to users with the “manage_options” capability, which normally only Administrators have: [Read more]

7 May 2019

Vulnerability Details: Reflected Cross-Site Scripting (XSS) in Ultimate FAQ

In a previous post today we mentioned a recent example of the moderators of the WordPress Support Forum not understanding what the disclosure of a vulnerability is, but even when they correctly identify one, they never seem to understand that continually deleting these disclosures, instead of providing a better mechanism for reporting vulnerabilities, isn’t working. That occurred just today with a reflected cross-site scripting (XSS) vulnerability in Ultimate FAQ. One of the moderators left this message for someone disclosing that:


[Read more]

18 Apr 2019

Vulnerability Details: Reflected Cross-Site Scripting (XSS) in WordPress Download Manager

Yesterday ThuraMoeMyint released two reports of a reflected cross-site scripting (XSS) vulnerability in Download Manager (WordPress Download Manager). The information provided was not of great quality, but the main description gave us enough to figure out what was going on:


[Read more]

7 Mar 2019

Vulnerability Details: Reflected Cross-Site Scripting (XSS) in Blogger To WordPress

One thing we have said over and over is that trying to rely on changelog entries to tell you if a new version of a WordPress plugin is a security update is going to produce poor results. The latest version of the plugin Blogger To WordPress is a good example of that. The changelog entries for that version are:


[Read more]