27 Mar 2019

Would A Hacker Be Interested in This SQL Injection Vulnerability in Simple Ajax Shoutbox?

One of the ways we keep ahead of others when it comes to vulnerabilities in WordPress plugins, so that we can provide our customers with better security, is that we monitor third-party data for indications that hackers are targeting WordPress plugins. Through that we just ran across someone possibly probing for usage of the plugin Simple Ajax Shoutbox by requesting the readme.txt file for it. That isn’t a very popular plugin, with only 1,000+ active installations according to wordpress.org, and it hasn’t been updated in two years.
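
Site owners can look for the same signal in their own access logs. The following is an added example, not code from this post or from the plugin: it summarises requests for any plugin's readme.txt and marks which probed plugins are installed. The combined log format, the default /wp-content/plugins/ path, the `example-shoutbox` directory name and the log lines are constructed assumptions.

```python
import re

# Assumption: combined log format and the default /wp-content/plugins/ location.
REQUEST = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?:GET|HEAD) (?P<path>\S+) HTTP/[\d.]+" (?P<status>\d{3}) ')
README = re.compile(
    r'^/wp-content/plugins/(?P<slug>[A-Za-z0-9._-]+)/readme\.txt$', re.I)

def find_plugin_probes(lines, installed):
    """Summarise readme.txt requests per plugin directory name (slug)."""
    report = {}
    for line in lines:
        req = REQUEST.match(line)
        if not req:
            continue  # malformed line or a method we do not track
        hit = README.match(req.group("path").split("?", 1)[0])
        if not hit:
            continue  # not a plugin readme request
        slug = hit.group("slug").lower()
        entry = report.setdefault(slug, {"clients": set(), "hits": 0,
                                         "installed": slug in installed,
                                         "exposed": False})
        entry["clients"].add(req.group("client"))
        entry["hits"] += 1
        # A 200 means the readme was actually served to the requester.
        entry["exposed"] = entry["exposed"] or req.group("status") == "200"
    return report

def needs_review(report):
    """Slugs that are installed here and whose readme was served to a requester."""
    return sorted(s for s, e in report.items() if e["installed"] and e["exposed"])

# Constructed sample data: documentation IP ranges, hypothetical plugin slugs.
SAMPLE_LOG = [
    '192.0.2.10 - - [27/Mar/2019:10:00:00 +0000] "GET /wp-content/plugins/example-shoutbox/readme.txt HTTP/1.1" 200 1523 "-" "curl/7.64.0"',
    '198.51.100.7 - - [27/Mar/2019:10:02:11 +0000] "GET /wp-content/plugins/example-shoutbox/readme.txt?ver=1 HTTP/1.1" 200 1523 "-" "-"',
    '192.0.2.10 - - [27/Mar/2019:10:00:01 +0000] "GET /wp-content/plugins/not-installed-plugin/readme.txt HTTP/1.1" 404 196 "-" "curl/7.64.0"',
    '203.0.113.5 - - [27/Mar/2019:10:05:00 +0000] "GET /wp-content/plugins/example-shoutbox/css/style.css HTTP/1.1" 200 812 "-" "Mozilla/5.0"',
]
INSTALLED = {"example-shoutbox"}

if __name__ == "__main__":
    summary = find_plugin_probes(SAMPLE_LOG, INSTALLED)
    for slug in needs_review(summary):
        print(slug, summary[slug]["hits"], sorted(summary[slug]["clients"]))
```
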

In a quick look over the plugin we didn’t see an obvious vulnerability that hackers would be interested in exploiting, though there were some things that look like they might cause a serious issue. But what did stand out right away is that there is an easy-to-spot SQL injection vulnerability. That really isn’t something hackers seem all that interested in, but we can at least warn our customers and others that hackers might be targeting this plugin.