09 Jun

WordPress Plugin Directory’s Security Review Leads to Putting Public At More Risk

Yesterday we announced we have temporarily ended our notifications to the WordPress Plugin Directory when there are plugins with disclosed vulnerabilities in the current version of the plugin that is in the directory, until they put forward concrete plans to resolve two issues. One of those is finally warning people when they are using plugins [Read more]

08 Jun

Information Disclosure Vulnerability in Save Contact Form 7

While looking into a recent security fix for a SQL injection vulnerability in version 2.0 of the plugin Save Contact Form 7 we noticed a much larger issue in the relevant code, all the contact form submissions saved by the plugin are publicly accessible. Normally the submissions saved by the plugin are viewed through the plugin’s [Read more]

08 Jun

Vulnerability Details: SQL Injection Vulnerability in Save Contact Form 7

This Vulnerability Details post about a vulnerability in the plugin Save Contact Form 7 provides the details of a vulnerability we didn’t discover and access to it is limited to customers of our service, unlike the posts on vulnerabilities we have discovered, which are freely available and give you an idea of what information is [Read more]