11 Dec

Vulnerability Details: Restricted File Upload in Woocommerce Pay.nl Payment Methods

Our Vulnerability Details posts provide the details of a vulnerability we didn’t discover, and access to them is limited to customers of our service, unlike the posts on vulnerabilities we have discovered, which are freely available and give you an idea of what information is provided in the details posts as well. For existing customers, please [Read more]

04 Oct

Our Proactive Monitoring Caught a Restricted File Upload Vulnerability in VendorFuel

One of the ways we help to improve the security of WordPress plugins, not just for our customers, but for everyone using them, is the proactive monitoring of changes made to plugins in the Plugin Directory to try to catch serious vulnerabilities before they are exploited. While we have a number of automated checks that are used [Read more]

20 Dec

Vulnerability Details: Restricted File Upload Vulnerability in Gallery by BestWebSoft

While looking into what hackers might be targeting in the plugin Sharexy, we took a look at what appeared to be a related request to see if a file that previously had existed in the plugin Gallery by BestWebSoft was on our website. The file requested was /wp-content/plugins/gallery-plugin/upload/php.php, which has been claimed to have an arbitrary file upload vulnerability as of [Read more]

27 Oct

Restricted File Upload Vulnerability in Social Articles

Back in June and July we ran into an odd situation where there was supposed to have been a vulnerability fixed in the plugin WP Job Manager, but what is supposed to be the issue was still possible with the plugin. That supposed issue involved some form of abuse of the plugin’s image upload capability, [Read more]