15 Jul

Here’s a Good Example of Why Releasing Security Updates Separate From Major Plugin Changes Is a Good Idea

Several weeks ago we detected what look to be someone probing for usage of the plugin Simplr Registration Form Plus+ on one of our website, which is usually an indication that a hacker is aware of an exploitable vulnerability in the plugin. Checking over the plugin we found that there was a vulnerability that would allow someone creating a WordPress account through the plugin to create an account with user specified role instead the role they were intended to have. You could not create an account with the Administrator role, but you could create one with the Editor role (or on a website with custom roles, those as well). Since Editor level users have access to capabilities that could introduce additional security issues, that was a pretty serious issue.

The response time in dealing with this wasn’t great. The developer only attempted to patch the vulnerability vulnerability two weeks after we had notified them. Before that it took a week for the Plugin Directory to remove the plugin from the directory, until it was fixed, after we had notified them. [Read more]

21 Jun

Privilege Escalation Vulnerability in Simplr Registration Form Plus+

We recently had a request for a file from the plugin Simplr Registration Form Plus+, /wp-content/plugins/simplr-registration-form/assets/simplr_reg.js, on one of our websites. A request for a file from plugin that isn’t installed on a website is usually an indication that someone is probing for usage of a plugin to try to exploit a vulnerability in it. After seeing the request we went looking for what the hacker might be looking to exploit in the plugin so that we could make sure it was in our data set. Since the plugin handles registering users a security issue with it is a big concern. We didn’t have  any vulnerabilities for the plugin already in our data set, we couldn’t find any public reports of vulnerabilities, and the plugin hasn’t been updated in five months so a vulnerability wasn’t recently fixed in it. At that point we started to review the plugin for a security vulnerability that hackers might be interested in exploiting.

After looking for some common items that we have been seeing as causing many security issues and not finding any of those issues in this plugin, we moved on to the user registration capability since a problem with that is something that a hacker would be interested in exploiting. [Read more]