01 Nov

The Head of the Plugin Directory Mika Epstein Seems Like the One Acting Stupidly Here

When it comes to improving the security of WordPress plugins, the two things that stand out as most needed, and have been for years, are warning people when they are using vulnerable plugins and, for serious vulnerabilities that are likely to be exploited, putting out fixes if the developer doesn’t. The reason that [Read more]

16 Aug

Settings Change Vulnerability in Asgaros Forum

One of the ways we make sure we have the best data on vulnerabilities in WordPress plugins is by monitoring the WordPress Support Forum for threads possibly related to those. Through that monitoring, we ran across a thread started earlier today that seemed to indicate malicious .php files were being uploaded through the Asgaros Forum plugin. Looking [Read more]

18 Jul

Settings Change Vulnerability in Total Security

We were recently doing some basic security checks over WordPress security plugins and identified a possible issue in the plugin Total Security. While the issue we were first looking into turned out not to be exploitable, we noticed a couple of other security vulnerabilities in the plugin. The first is a persistent cross-site scripting (XSS) vulnerability. The [Read more]