24 Apr 2019

Arbitrary File Upload Vulnerability That Was in SupportCandy Now Receiving Exploit Attempts That Can Easily Fail

On April 5, due to our proactive monitoring of changes made to plugins in the Plugin Directory to try to catch serious vulnerabilities, we disclosed an arbitrary file upload vulnerability we spotted in the plugin SupportCandy. A week after our disclosure, Christian Angel independently found the vulnerability. The vulnerability was fixed on April 17.

In looking over the logs of a hacked website we were dealing with over at our main business we found that attempts to exploit this vulnerability have been occurring since at least April 20, though in a way that can fail even if a website is using a vulnerable version of the plugin. The exploit attempts involve sending a POST request to: [Read more]

5 Apr 2019

Arbitrary File Upload Vulnerability in SupportCandy

When it comes to the security of WordPress plugins, what other security companies generally do is add protection against vulnerabilities after they have already been widely exploited, which, it should be pretty obvious, doesn’t produce good results. By comparison, we do proactive monitoring of changes made to plugins in the Plugin Directory to try to catch serious vulnerabilities, but we only have so much time to do that with the number of customers we have, so we have a backlog of possible vulnerabilities that didn’t look like serious issues and that we haven’t had time to get to. Sometimes, as is the case with the plugin SupportCandy, when the plugin comes up again in that proactive monitoring we realize that the vulnerability was more serious, as the plugin contains an arbitrary file upload vulnerability, which is the kind that hackers are likely to exploit.

What is odd about the arbitrary file upload vulnerability is that the developer has had file upload capability that was at least partially secured for some time, and then back in January added new functionality that is totally insecure. [Read more]