12 Sep

Vulnerability Details: Reflected Cross-Site Scripting (XSS) in SagePay Server Gateway for WooCommerce

This post provides the details of a vulnerability in the WordPress plugin SagePay Server Gateway for WooCommerce not discovered by us, where the discoverer hadn’t provided the details needed for us to confirm the vulnerability while we were adding it to the data set for our service, so its contents are limited to subscribers of our service.

If you were using our service you would have already been warned about this vulnerability if your website is vulnerable due to it. [Read more]

02 Jan

What Happened With WordPress Plugin Vulnerabilities in December 2017

If you want the best information and therefore best protection against vulnerabilities in WordPress plugins we provide you that through our service.

Here is what we did to keep those are already using our service secure from WordPress plugin vulnerabilities during December (and what you have been missing out on if you haven’t signed up yet): [Read more]

18 Dec

Open Redirect Vulnerabilty in SagePay Server Gateway for WooCommerce

Recently Ricardo Sanchez disclosed a reflected cross-site scripting (XSS) vulnerability in the plugin SagePay Server Gateway for WooCommerce. When we went to test that out while adding the vulnerability to our data set, we noticed a strange result. The proof of concept URL was

/wp-content/plugins/sagepay-server-gateway-for woocommerce/includes/pages/redirect.php?page=</script>”><script>alert(“R1XS4.COM”)</script> [Read more]