01 Sep

What Happened With WordPress Plugin Vulnerabilities in August 2017

If you want the best information, and therefore the best protection, against vulnerabilities in WordPress plugins, we provide that through our service.

[Read more]

30 Aug

Cross-Site Request Forgery (CSRF)/Cross-Site Scripting (XSS) Vulnerability in Traffic Manager

We recently started proactively monitoring for evidence of some high-risk vulnerabilities when changes are made to WordPress plugins, and if we had more customers we could expand the proactive monitoring to more types of vulnerabilities. In doing that we sometimes find that the possibly vulnerable code isn’t exploitable, but we find another vulnerability while figuring that out, which doesn’t speak to WordPress plugins being all that secure. That is the case with the plugin Traffic Manager, where, while looking into a possible issue that occurred while saving the plugin’s settings, we found that the changing of the plugin’s settings lacked protection against cross-site request forgery (CSRF).

[Read more]