26 Nov

Security Tip for WordPress Plugin Developers: Use wp_safe_redirect() Instead of wp_redirect()

Seeing as even a number of the 1,000 most popular WordPress plugins in the Plugin Directory are not doing things in a secure way, we thought it would be a good idea to emphasize something from a previous post, which is that if you are using the function wp_redirect() to handle redirections that will only [Read more]

04 Jan

Tip For Security Researchers: Make Sure The Developer Has Actually Fixed The Vulnerability You Found

When reviewing a report of a vulnerability in a WordPress plugin while preparing to add it to our service’s dataset, we test out the vulnerability. We do that to help us do a number of things, including making sure the vulnerability actually exists and determining which versions are vulnerable. Through that we often find that the [Read more]

01 Dec

Tip For Security Researchers: WordPress Uses a Nonce to Protect Against Cross-Site Request Forgery (CSRF)

For the last three false reports of vulnerabilities in WordPress plugins we have discussed, there has been a common denominator that we don’t quite understand. Each has involved a claim that a plugin has a cross-site request forgery (CSRF) vulnerability, but in the proof of concept for exploiting each of the vulnerabilities there has been [Read more]

24 May

Tip For Security Researchers: wp_insert_post() and wp_update_post() Sanitize the Submitted Input

From reviewing lots of vulnerability reports, one of our big takeaways is that the proper testing of suspected vulnerabilities often isn’t being done by security researchers. Without doing that, you miss an easy chance to catch things that nullify potential vulnerabilities in part or sometimes in full. One recent example we noticed repeating [Read more]