03 Aug

Authenticated Information Disclosure Vulnerability in Simple History

One of the things we do to keep track of what vulnerabilities are being discovered in WordPress plugins is to monitor the WordPress support forums for threads related to plugin vulnerabilities. In addition to picking up the type of information we are looking for, we see an assortment of threads about security issues. One that we saw recently involved someone requesting that WordPress include the ability to log user activity; a “Support Representative” pointed them to a couple of plugins that do that. In response, the original poster mentioned they were concerned about the additional security risk of the plugins:
