4 Nov 2022

Two of the Most Popular WordPress Plugins Contain Vulnerabilities and Were Closed Since Last Week

When WordPress plugins are closed on the WordPress Plugin Directory, unfortunately, those using the plugin and others are not informed of what caused the closure. So while the people running the directory would know if the plugins contain vulnerabilities, everyone else is left unaware of whether the plugin is known to be secure. One of the things we do to keep track of vulnerabilities in WordPress plugins is to monitor whether any of the most popular plugins have been closed on the WordPress Plugin Directory and then check if there are vulnerabilities we should warn our customers about.

Last week the plugin WP Page Widget, which recently had 60,000+ installs, was closed and as you can see, there is no explanation for the closure: [Read more]

4 Nov 2022

Privilege Escalation Vulnerability in Video Thumbnails WordPress Plugin

Earlier this week the WordPress plugin Video Thumbnails was closed on the WordPress Plugin Directory. As that plugin is one of the 1,000 most popular plugins, we were alerted to its closure. No reason has been given for the closure. But there are multiple minor security vulnerabilities in the latest version.

As one example of those vulnerabilities, the functionality for “resetting a video thumbnail” is accessible to anyone logged in to WordPress, instead of only to someone who is editing the post that the video thumbnail belongs to. [Read more]