02 Jan

WordPress Plugin Security Review: Share Buttons by AddThis

For our 23nd security review of a WordPress plugin based on the voting of our customers, we reviewed the plugin Share Buttons by AddThis (WordPress Share Buttons Plugin – AddThis).

If you are not yet a customer of the service, once you sign up for the service as a paying customer you can start suggesting and voting on plugins to get security reviews. For those already using the service that haven’t already suggested and voted for plugins to receive a review, you can start doing that here. You can use our tool for doing limited automated security checks of plugins to see if plugins you are using have possible issues that would make them good candidates to get a review. You can also order a review of a plugin separately from our service. [Read more]

01 Aug

What Happened With WordPress Plugin Vulnerabilities in July 2017

If you want the best information and therefore best protection against vulnerabilities in WordPress plugins we provide you that through our service.

Here is what we did to keep those are already using our service secure from WordPress plugin vulnerabilities during July (and what you have been missing out on if you haven’t signed up yet): [Read more]

19 Jul

Cross-Site Request Forgery (CSRF)/Settings Change Vulnerability in Share Buttons by AddThis

We recently found that the plugin Share Buttons by AddThis had a cross-site request forgery (CSRF)/settings change vulnerability. When setting the plugin’s settings by clicking the Save Options button on the plugin’s settings page proper protection against CSRF exist, but it doesn’t for an alternate method when the plugin is set be controlled from “AddThis.com”.

When it is controlled that way the addthisAsyncLoading function is accessible through WordPress’ AJAX functionality (in the file /addthis-for-wordpress.php): [Read more]