5 Jul 2016

Authenticated Information Disclosure Vulnerability in Activity Log

Every additional plugin that you add to your WordPress website adds additional security risk, and that includes security plugins. Recently we did a quick check over plugins designed to allow you to keep track of actions taken by users on your website. In several cases we found rather minor security vulnerabilities. One of those was an authenticated information disclosure vulnerability in the plugin Activity Log, which allows anyone logged in to WordPress to see the display name of other users on the website (which would normally be their first and last names), their role, and their user ID number. The value of that information would depend on whether the users’ names were something that some would rather not be public and whether there was some possibility that the information could be used to assist a malicious attacker in gaining further access to the website.

The vulnerability is due to the AJAX accessible function ajax_aal_get_properties(), in the file /classes/class-aal-settings.php, not having a check to make sure that the request is coming from a user who should be able to access it (normally that would only be Administrator level users): [Read more]

27 Jun 2016

Reflected Cross-Site Scripting (XSS) Vulnerability in WP Security Audit Log

When it comes to the poor state of web security, a big culprit is security companies, who in many cases don’t seem to either know or care that much about security. So it wasn’t that surprising that the other day we found a security company with a WordPress plugin that has a security vulnerability due to a failure to take a basic security measure, but the situation is a good reminder that services you get from security companies are not always honestly sold.

We recently did a quick security check of security plugins that generate a log of activity in the admin area of WordPress. One of the ones we found a security issue with is WP Security Audit Log, which is developed by WP White Security. [Read more]

22 Jun 2016

Persistent Cross-Site Scripting (XSS) Vulnerability in WordPress File Monitor

Recently we have been catching a lot of vulnerabilities in plugins by looking at what appear to be hackers probing for usage of plugins on our websites and then looking through those plugins for security vulnerabilities. Due to the success of that, we are looking for more data on that type of probing so that we can catch more vulnerabilities, warn our customers about security issues in plugins they might be using, and limit the impact those vulnerabilities can have on others as well. Through that we came across a request for the plugin WordPress File Monitor. That is a security plugin designed to monitor for file changes, which we found has a security vulnerability that would allow a hacker to cause file changes they made to be ignored and, more importantly, allows for persistent cross-site scripting (XSS).

The problem starts with a request for the URL /wp-admin/options-general.php?page=WordPressFileMonitor&display=alertDesc. When that is requested, the following code is run: [Read more]