11 Jul

Vulnerability Details: Persistent Cross-Site Scripting (XSS) in Responsive Coming Soon

This post provides the details of a vulnerability in the WordPress plugin Responsive Coming Soon that was not discovered by us, where the discoverer hadn’t provided the details needed for us to confirm the vulnerability while we were adding it to the data set for our service, so its contents are limited to subscribers of our service. If you are not currently a subscriber, you can try out the service for free and then you can view the contents of the post. There are a lot of other reasons that you will want to sign up beyond access to posts like this one, including that you would have already been warned about this vulnerability if your website was vulnerable due to it.

20 Jun

Checking the Security of Fast Growing WordPress Plugins Would Be a Good Idea

Right now the people on the WordPress side of things refuse to even discuss making easy changes to help avoid websites being unnecessarily hacked due to plugin vulnerabilities, but if that were ever to change there is plenty more that could be done to improve the security of plugins. Based on some checking we have done over the last week, looking at the security of plugins that are quickly growing in popularity could head off issues getting exploited before those plugins become even more popular.

10 Jun

Vulnerability Details: Persistent Cross-Site Scripting (XSS) in Breadcrumbs by menu

This post provides the details of a vulnerability in the WordPress plugin Breadcrumbs by menu that was not discovered by us, where the discoverer hadn’t provided the details needed for us to confirm the vulnerability while we were adding it to the data set for our service, so its contents are limited to subscribers of our service. If you are not currently a subscriber, you can try out the service for free and then you can view the contents of the post. There are a lot of other reasons that you will want to sign up beyond access to posts like this one, including that you would have already been warned about this vulnerability if your website was vulnerable due to it.

30 Apr

WordPress Paints a Target on Exploitable Settings Change Vulnerability That Permits Persistent XSS in Blog Designer

Almost a month ago, in discussing a settings change vulnerability that permits persistent cross-site scripting (XSS) in the plugin Related Posts, we noted why it is so problematic to close popular WordPress plugins that contain undisclosed but serious security vulnerabilities, and unfortunately here we are seeing the exact same situation again with the plugin Blog Designer. Maybe we shouldn’t be surprised by that, considering that the situation with Related Posts wasn’t properly resolved.

24 Apr

Security Changes Led To Us Noticing Settings Change Vulnerability in WP Database Backup

One of the things we do to provide our customers with the best data on vulnerabilities that exist in the WordPress plugins they use is to monitor changelogs for mentions of security fixes, and sometimes the changes made don’t seem like they are actually fixing the vulnerability mentioned. Take the latest version of WP Database Backup, where the changelog entry is “Fixed Vulnerability – XSS issue”. Looking at the changes made in that version, it doesn’t look like it is really doing that though.

15 Apr

Persistent Cross-Site Scripting (XSS) Vulnerability in WP Inventory Manager

One of the changelog entries for the latest version of WP Inventory Manager is “Address security data sanitization in various $_POST, $_GET, $_REQUEST.” When we went to look at that change to see if there was a vulnerability we should add to our data set, we noticed that the two latest log entries for the plugin in the Subversion repository, which underlies the WordPress Plugin Directory, were “Updating to 1.7.9 for wordpress team review” and “Update for Plugin Review Team”. It’s not clear what that refers to, but when we went to look at the changes made, it looked like security changes related to the plugin’s settings had been made, so we installed the previous version of the plugin and started looking to see if it looked like there was previously a vulnerability. What we saw is that there still looked to be a vulnerability, since the changes made didn’t seem to fix an issue we saw. When we went to look further we had a hard time finding the code related to the vulnerability, and when we finally did we found that the situation was worse, as you don’t even need to be logged in to change the plugin’s settings, and through that you can cause persistent cross-site scripting (XSS).

30 Mar

WordPress Plugin Team Paints Target on Exploitable Settings Change Vulnerability That Permits Persistent XSS in Related Posts

When we announced a protest of the continued inappropriate behavior of the WordPress Support Forum moderators, one of the changes we suggested to resolve that was:

21 Mar

Full Disclosure of Settings Change/Persistent Cross-Site Scripting (XSS) Vulnerability in Social Warfare

With our proactive monitoring of changes made to WordPress plugins in the Plugin Directory to try to catch serious vulnerabilities, we review a lot of code that ends up not being vulnerable, so even if the flagged code looks rather concerning it doesn’t raise a lot of concern for us at first, even if, like the code flagged in the plugin Social Warfare, which we will get to in a moment, it indicates there might be a very serious vulnerability. When we checked over the rest of the code related to the flagged code in that plugin, we found that the plugin allows anyone to change the plugin’s settings and that this could be used to cause persistent cross-site scripting (XSS), which is just the sort of vulnerability hackers have shown a lot of interest in recently. The plugin has 70,000+ active installations according to wordpress.org, which makes it all the more likely that it would be exploited.