02 Jan

WordPress Plugin Security Review: Share Buttons by AddThis

For our 23nd security review of a WordPress plugin based on the voting of our customers, we reviewed the plugin Share Buttons by AddThis (WordPress Share Buttons Plugin – AddThis). If you are not yet a customer of the service, once you sign up for the service as a paying customer you can start suggesting and voting [Read more]

01 Aug

What Happened With WordPress Plugin Vulnerabilities in July 2017

If you want the best information and therefore best protection against vulnerabilities in WordPress plugins we provide you that through our service. Here is what we did to keep those are already using our service secure from WordPress plugin vulnerabilities during July (and what you have been missing out on if you haven’t signed up yet): Plugin [Read more]

19 Jul

Cross-Site Request Forgery (CSRF)/Settings Change Vulnerability in Share Buttons by AddThis

We recently found that the plugin Share Buttons by AddThis had a cross-site request forgery (CSRF)/settings change vulnerability. When setting the plugin’s settings by clicking the Save Options button on the plugin’s settings page proper protection against CSRF exist, but it doesn’t for an alternate method when the plugin is set be controlled from “AddThis.com”. When [Read more]