12 Sep 2019

Vulnerability Details: Reflected Cross-Site Scripting (XSS) in SagePay Server Gateway for WooCommerce

The changelog for the latest version of the plugin SagePay Server Gateway for WooCommerce is “Updated the plugin to security vulnerability and make it more secure.” Looking at the changes made in that version, we found that at least a reflected cross-site scripting (XSS) vulnerability was fixed.


[Read more]

2 Jan 2018

What Happened With WordPress Plugin Vulnerabilities in December 2017

If you want the best information, and therefore the best protection, against vulnerabilities in WordPress plugins, we provide that through our service.

Here is what we did to keep those who are already using our service secure from WordPress plugin vulnerabilities during December (and what you have been missing out on if you haven’t signed up yet): [Read more]

18 Dec 2017

Open Redirect Vulnerability in SagePay Server Gateway for WooCommerce

Recently Ricardo Sanchez disclosed a reflected cross-site scripting (XSS) vulnerability in the plugin SagePay Server Gateway for WooCommerce. When we went to test that out while adding the vulnerability to our data set, we noticed a strange result. The proof of concept URL was

/wp-content/plugins/sagepay-server-gateway-for woocommerce/includes/pages/redirect.php?page=</script>”><script>alert(“R1XS4.COM”)</script> [Read more]