This post provides the details of a vulnerability in the WordPress plugin SagePay Server Gateway for WooCommerce not discovered by us, where the discoverer hadn’t provided the details needed for us to confirm the vulnerability while we were adding it to the data set for our service, so its contents are limited to subscribers of our service.
If you want the best information and therefore best protection against vulnerabilities in WordPress plugins we provide you that through our service.
Here is what we did to keep those are already using our service secure from WordPress plugin vulnerabilities during December (and what you have been missing out on if you haven’t signed up yet): [Read more]
Recently Ricardo Sanchez disclosed a reflected cross-site scripting (XSS) vulnerability in the plugin SagePay Server Gateway for WooCommerce. When we went to test that out while adding the vulnerability to our data set, we noticed a strange result. The proof of concept URL was
/wp-content/plugins/sagepay-server-gateway-for woocommerce/includes/pages/redirect.php?page=</script>”><script>alert(“R1XS4.COM”)</script> [Read more]