27 Jan 2025

Patchstack Apparently Didn’t Take Basic Step to Get Unfixed Exploitable Vulnerabilities Fixed Before Disclosing Them

Last week WordPress security provider Patchstack disclosed what they claimed was an unfixed exploitable vulnerability in a WordPress theme and one in a related WordPress plugin. We say claimed, because some of the information they provided appeared on its face to be very wrong. Early in the post, they wrote that “code that handles user input didn’t have any authorization or nonce check.” Code that handles user input doesn’t necessarily require authorization or a nonce check. For example, doing a search on a WordPress-based website doesn’t require either of those things, despite involving user input. A more salient point is that they then promptly showed the code, which not only contained a nonce check, but even had a comment about it: “First check the nonce, if it fails the function will break:”


19 Sep 2022

Wordfence and Security Journalists Are Again Creating FUD About the Security of WordPress Websites

Last week numerous news outlets ran scary sounding stories about a claimed security issue in a WordPress plugin. Here are some of the headlines of stories that were included in Google News:

  • WordPress zero-day vulnerability compromised more than 280000 websites: Researchers
  • 280000 WordPress sites hacked by exploitation of CVE-2022-3180 – Web Hosting
  • Shocking Cyberattack by Hackers on 280000 WordPress Sites
  • Shocking cyberattack! 280000 WordPress sites attacked by hackers
  • Over 280,000 WordPress Sites Attacked Using WPGateway Plugin Zero-Day Vulnerability
  • Zero-day in WPGateway WordPress plugin actively exploited in attacks
  • WordPress Plugin Vulnerability Abused in Zero-Day Exploit
  • WordPress zero-day vulnerability leads to 4.6 million attempted attacks on websites
  • WordPress plugin vulnerability leaves sites open to total takeover
  • Over 280000 WordPress sites may have been hijacked by zero-day hiding in popular plugin

The last one of those was from a TechRadar story written by Sead Fadilpašić. The sub-headline of the story was: