Toolset Types

Authenticated Post Deletion Vulnerability in Toolset Types WordPress Plugin

As part of our recent focus on providing better information to customers of our main service about the security of plugins they use, we extended monitoring we already did on the closure of the most popular WordPress plugins on WordPress’ plugin directory to those being used by our customers. We monitor those closures because they are often caused by security vulnerabilities, sometimes very serious vulnerabilities. That monitoring notified us yesterday that a customer used plugin Toolset Types has been closed. According to the message on the plugin’s page, it was closed in 2019, so this must be a new customer or a website newly using the plugin:

This plugin has been closed as of April 4, 2019 and is not available for download. This closure is permanent. Reason: Author Request. [Read more]

Closures of Very Popular WordPress Plugins, Week of April 5

While we already are far ahead of other companies in keeping up with vulnerabilities in WordPress plugins (amazingly that isn’t an exaggeration), in looking in to how we could get even better we noticed that in a recent instance were a vulnerability was exploited in a plugin, we probably could have warned our customers about the vulnerability even sooner if we had looked at the plugin when it was first closed on the Plugin Directory instead of when the vulnerability was fixed (though as far as we are aware the exploitation started after we had warned our customers of the fix). So we are now monitoring to see if any of the 1,000 most popular plugins are closed on the Plugin Directory and then seeing if it looks like that was due to a vulnerability.

This week four of those plugins were closed and two of them have been reopened. [Read more]

Plugin Vulnerabilities

A service to protect your site against vulnerabilities in WordPress plugins.

Tag Archives: Toolset Types

Authenticated Post Deletion Vulnerability in Toolset Types WordPress Plugin