As part of making sure our customers are getting the best information on vulnerabilities in WordPress plugins they may be using we monitor for hackers probing for usage of plugins on our website and then try to figure out what the hackers might be looking to exploit. Today we have had what look to be hackers probing for usage of five plugins. Two of those have recently had vulnerabilities disclosed that involve persistent cross-site scripting (XSS). The other three do not appear to have had vulnerabilities recently disclosed, but have persistent XSS vulnerabilities as well. One of those plugins is Toggle The Title, which has 10,000+ installs according to wordpress.org and was last updated five years ago. In looking over the plugin we found that it contains an authenticated persistent cross-site scripting (XSS) vulnerability, which could possibly be what hackers would be interested in it.

The plugin resister the function TitleToggler_update_wp_options() to be accessible to anyone logged in to WordPress: [Read more]