14 Dec 2023

Brainstorm Force Removed Security Code and Reintroduced Vulnerability in 1+ Million Install WordPress Plugin

It is commonly claimed that a plugin’s install count and whether its developer is well known help to determine if a WordPress plugin is secure. We have yet to see anyone making that claim present evidence of a correlation between them. We have seen plenty of instances where major WordPress plugin developers have problems handling security with popular plugins. Take Brainstorm Force. They were recently covered by the WP Tavern, where they claimed to have made a six-figure investment in a plugin. So they clearly have the money to handle security properly, but they don’t.

The latest incident with Brainstorm Force involves a vulnerability in a 1+ million install plugin that went unnoticed by them (and others, for that matter) for nearly four years, which they then fixed, it would seem, without realizing it, and reintroduced today. [Read more]

5 Jan 2023

Reflected Cross-Site Scripting (XSS) Vulnerability in Newsletter Glue

As part of our monitoring of the security of plugins used by our customers, we have a system that alerts us when a plugin used by a customer is removed from the WordPress Plugin Directory. A common cause of those removals is security issues (or at least claimed security issues). That recently brought the plugin Newsletter Glue, which was closed in August, to our attention. The removal reason given is “Author Request”, but we wanted to make sure there wasn’t also a serious vulnerability in the plugin.

What we found is that the plugin contains a minor vulnerability caused by a lack of basic security. We also ran across other security problems with the plugin. For example, the plugin registers functions to be accessible via AJAX by visitors who are not logged in (in addition to those who are), despite the functions only allowing users with the manage_options capability to access their functionality. If you are concerned about security, we would recommend not using the plugin unless it has had a thorough security review done and all issues addressed. [Read more]
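
The registration pattern described above, as an added illustration rather than Newsletter Glue’s own code: a callback hooked to both wp_ajax_ and wp_ajax_nopriv_ while only manage_options users are meant to reach it, next to a hardened registration. The hook, function and option names prefixed ngl_example_ are hypothetical.

```php
<?php
// Added example, not the plugin's code. Names prefixed ngl_example_ are hypothetical.

// Problematic: the same callback is exposed to logged-out visitors through
// wp_ajax_nopriv_, although only manage_options users are meant to use it.
add_action( 'wp_ajax_ngl_example_save', 'ngl_example_save' );
add_action( 'wp_ajax_nopriv_ngl_example_save', 'ngl_example_save' );

function ngl_example_save() {
    // The capability check does stop anonymous visitors today, but the nopriv
    // registration serves no purpose (an anonymous visitor never has
    // manage_options) and makes any future regression of this check reachable
    // without an account. There is also no nonce, so a logged-in administrator
    // can be made to trigger the handler from another site (CSRF).
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'forbidden', 403 ); // calls wp_die(), execution stops here
    }
    update_option( 'ngl_example_setting', sanitize_text_field( wp_unslash( $_POST['value'] ?? '' ) ) );
    wp_send_json_success();
}

// Hardened: logged-in hook only, nonce tied to the action, capability check
// before any state is touched.
add_action( 'wp_ajax_ngl_example_save_hardened', 'ngl_example_save_hardened' );

function ngl_example_save_hardened() {
    check_ajax_referer( 'ngl_example_save', 'nonce' ); // dies with -1 on an invalid nonce
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }
    $value = sanitize_text_field( wp_unslash( $_POST['value'] ?? '' ) );
    update_option( 'ngl_example_setting', $value );
    wp_send_json_success();
}

// The matching nonce is issued where the request is built, for example through
// wp_localize_script() with the value of wp_create_nonce( 'ngl_example_save' ).
```

A quick triage for this class: list every `wp_ajax_nopriv_` registration in the plugin and read the callback it points at. If the callback requires a capability, the nopriv hook is either dead code or a latent exposure; if it does not, anonymous visitors can reach whatever the callback does.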

9 Dec 2022

Authenticated Settings Change Vulnerability in LWS Optimize

Last week, we ran across a serious vulnerability in a new WordPress plugin, LWS Optimize. The plugin was subsequently closed on the WordPress plugin directory and then re-opened without the vulnerability being properly fixed. Not only that, but the plugin’s easy to spot vulnerability was still missed, despite the claim that plugins receive a manual security review before they are even allowed in that directory.

If you log in to WordPress with the plugin active, you can access the plugin’s settings page and change the settings even as a user with the Subscriber role. Only users with the manage_options capability, which normally only Administrators have, should have access to that. Instead, the plugin makes the page accessible to anyone with the read capability, which every logged-in user has: [Read more]
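
An added illustration of the access control problem described above, not LWS Optimize’s own code (names prefixed lwsx_ are hypothetical): a settings page registered with the read capability, which every default role down to Subscriber has, next to one registered for manage_options whose save handler re-checks both the capability and a nonce.

```php
<?php
// Added example, not the plugin's code. Names prefixed lwsx_ are hypothetical.

// Problematic: 'read' is held by every logged-in user, so a Subscriber can open
// the page, and the callback saves settings with no capability or nonce check.
add_action( 'admin_menu', function () {
    add_menu_page( 'Optimize', 'Optimize', 'read', 'lwsx-settings', 'lwsx_render_settings' );
} );

function lwsx_render_settings() {
    if ( isset( $_POST['lwsx_cache'] ) ) {
        update_option( 'lwsx_cache', (int) $_POST['lwsx_cache'] );
    }
    // ... form output omitted
}

// Hardened: the menu requires manage_options, the page callback re-checks it,
// and saving goes through admin-post.php with a nonce and a second capability check.
add_action( 'admin_menu', function () {
    add_menu_page( 'Optimize', 'Optimize', 'manage_options', 'lwsx-settings-hardened', 'lwsx_render_settings_hardened' );
} );

function lwsx_render_settings_hardened() {
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions.', 403 );
    }
    $cache = (int) get_option( 'lwsx_cache', 0 );
    echo '<form method="post" action="' . esc_url( admin_url( 'admin-post.php' ) ) . '">';
    echo '<input type="hidden" name="action" value="lwsx_save">';
    wp_nonce_field( 'lwsx_save' ); // emits _wpnonce bound to this action
    echo '<label><input type="checkbox" name="lwsx_cache" value="1" ' . checked( 1, $cache, false ) . '> Enable cache</label>';
    submit_button( 'Save' );
    echo '</form>';
}

add_action( 'admin_post_lwsx_save', function () {
    check_admin_referer( 'lwsx_save' ); // dies if the nonce is missing or invalid
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions.', 403 );
    }
    update_option( 'lwsx_cache', empty( $_POST['lwsx_cache'] ) ? 0 : 1 );
    wp_safe_redirect( admin_url( 'admin.php?page=lwsx-settings-hardened&updated=1' ) );
    exit;
} );
```

The capability passed to add_menu_page() only controls who WordPress lets reach the page; the handler that actually writes options must check on its own, because it can usually be reached by other routes than the menu.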

8 Dec 2022

Remote Code Execution (RCE) Vulnerability in CX Easy Contact Form

One way we help to improve the security of WordPress plugins, not just for customers of our service, but for everyone using them, is our proactive monitoring of changes made to plugins in the Plugin Directory to try to catch serious vulnerabilities. Through that, we caught a variant of one of those vulnerabilities, a remote code execution (RCE) vulnerability in a brand new plugin, CX Easy Contact Form.

We now are also running all the plugins used by our customers through the same system used for the proactive monitoring on a weekly basis to provide additional protection for them. [Read more]

7 Dec 2022

Authenticated Option Update Vulnerability in Users Control

One way we help to improve the security of WordPress plugins, not just for customers of our service, but for everyone using them, is our proactive monitoring of changes made to plugins in the Plugin Directory to try to catch serious vulnerabilities. Through that, we caught a variant of one of those vulnerabilities, an authenticated option update vulnerability in a brand new plugin, Users Control.

We now are also running all the plugins used by our customers through the same system used for the proactive monitoring on a weekly basis to provide additional protection for them. [Read more]

6 Dec 2022

Authenticated PHP Object Injection Vulnerability in Aarambha Kits for Elementor

One way we help to improve the security of WordPress plugins, not just for customers of our service, but for everyone using them, is our proactive monitoring of changes made to plugins in the Plugin Directory to try to catch serious vulnerabilities. Through that, we caught a variant of one of those vulnerabilities, an authenticated PHP object injection vulnerability in a brand new plugin, Aarambha Kits for Elementor.

We now are also running all the plugins used by our customers through the same system used for the proactive monitoring on a weekly basis to provide additional protection for them. [Read more]
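
An added illustration of the PHP object injection class named above, not Aarambha Kits for Elementor’s own code (names prefixed ak_example_ are hypothetical): unserialize() on request data next to a version that accepts a format which cannot carry objects.

```php
<?php
// Added example, not the plugin's code. Names prefixed ak_example_ are hypothetical.

// Problematic: unserialize() on attacker-controlled data instantiates any class
// the attacker names. Any class on the site with a usable __wakeup()/__destruct()
// becomes a gadget, so this is a PHP object injection sink even though the
// handler itself only writes an option.
add_action( 'wp_ajax_ak_example_import', function () {
    if ( ! current_user_can( 'edit_posts' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }
    $settings = unserialize( base64_decode( $_POST['payload'] ?? '' ) );
    update_option( 'ak_example_settings', $settings );
    wp_send_json_success();
} );

// Hardened: nonce, appropriate capability, JSON instead of serialized PHP, and
// only known keys copied out of the decoded structure.
const AK_EXAMPLE_KEYS = [ 'color', 'columns' ];

add_action( 'wp_ajax_ak_example_import_hardened', function () {
    check_ajax_referer( 'ak_example_import', 'nonce' );
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }
    $decoded = json_decode( wp_unslash( $_POST['payload'] ?? '' ), true ); // arrays only, never objects
    if ( ! is_array( $decoded ) ) {
        wp_send_json_error( 'invalid payload', 400 );
    }
    $clean = [];
    foreach ( AK_EXAMPLE_KEYS as $key ) {
        if ( isset( $decoded[ $key ] ) ) {
            $clean[ $key ] = sanitize_text_field( (string) $decoded[ $key ] );
        }
    }
    update_option( 'ak_example_settings', $clean );
    wp_send_json_success();
} );

// If the serialized format genuinely cannot be replaced (PHP 7.0+), refuse objects:
function ak_example_unserialize_data_only( $raw ) {
    return unserialize( $raw, [ 'allowed_classes' => false ] ); // objects become __PHP_Incomplete_Class
}
```

When reviewing a plugin for this class, grep for unserialize() and for WordPress’s maybe_unserialize(), which unserializes anything that looks serialized, and trace whether the argument can originate from a request.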

30 Nov 2022

Server-Side Request Forgery (SSRF) Vulnerability in UpdraftCentral Dashboard

One way we help to improve the security of WordPress plugins, not just for customers of our service, but for everyone using them, is our proactive monitoring of changes made to plugins in the Plugin Directory to try to catch serious vulnerabilities. Through that, we caught a less serious vulnerability, a server-side request forgery (SSRF) vulnerability, being introduced into the plugin UpdraftCentral Dashboard.

We now are also running all the plugins used by our customers through the same system used for the proactive monitoring on a weekly basis to provide additional protection for them. [Read more]
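
An added illustration of the SSRF class named above, not UpdraftCentral Dashboard’s own code (names prefixed uc_example_ are hypothetical, as is the allowed host): a handler that fetches an attacker-supplied URL from the server, next to one that restricts the destination and uses WordPress’s own URL validation.

```php
<?php
// Added example, not the plugin's code. Names prefixed uc_example_ and the
// allowed host api.example.com are hypothetical.

// Problematic: the server requests whatever URL the user supplies, so internal
// services (loopback, link-local metadata endpoints, private ranges) are reachable
// and the response body is handed back to the requester.
add_action( 'wp_ajax_uc_example_fetch', function () {
    $response = wp_remote_get( $_POST['url'] ?? '' );
    wp_send_json( [ 'body' => wp_remote_retrieve_body( $response ) ] );
} );

// Hardened: nonce and capability, an explicit host allowlist, wp_safe_remote_get()
// (which runs wp_http_validate_url(): http/https only, no userinfo, standard ports,
// and rejects hosts resolving to loopback or private ranges), no redirects, and
// only the status code returned rather than the body.
const UC_EXAMPLE_ALLOWED_HOSTS = [ 'api.example.com' ];

add_action( 'wp_ajax_uc_example_fetch_hardened', function () {
    check_ajax_referer( 'uc_example_fetch', 'nonce' );
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }
    $url  = esc_url_raw( wp_unslash( $_POST['url'] ?? '' ) );
    $host = wp_parse_url( $url, PHP_URL_HOST );
    if ( ! $host || ! in_array( strtolower( $host ), UC_EXAMPLE_ALLOWED_HOSTS, true ) ) {
        wp_send_json_error( 'host not allowed', 400 );
    }
    $response = wp_safe_remote_get( $url, [ 'timeout' => 5, 'redirection' => 0 ] );
    if ( is_wp_error( $response ) ) {
        wp_send_json_error( $response->get_error_message(), 502 );
    }
    wp_send_json_success( [ 'status' => wp_remote_retrieve_response_code( $response ) ] );
} );
```

Disabling redirects matters because an allowed host can otherwise bounce the request to an internal address; the allowlist and the validation in wp_safe_remote_get() complement each other rather than replace each other.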

30 Nov 2022

Authenticated Option Update Vulnerability in LWS Optimize

One way we help to improve the security of WordPress plugins, not just for customers of our service, but for everyone using them, is our proactive monitoring of changes made to plugins in the Plugin Directory to try to catch serious vulnerabilities. Through that, we caught a variant of one of those vulnerabilities, an authenticated option update vulnerability in a brand new plugin, LWS Optimize.

We now are also running all the plugins used by our customers through the same system used for the proactive monitoring on a weekly basis to provide additional protection for them. [Read more]
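
The Users Control and LWS Optimize entries above both name an authenticated option update vulnerability. As an added illustration of that class, not either plugin’s code (names prefixed ou_example_ are hypothetical): a handler that lets the request choose both the option name and its value, next to one that only accepts options from a fixed list with a sanitizer for each.

```php
<?php
// Added example, not either plugin's code. Names prefixed ou_example_ are hypothetical.

// Problematic: option name and value both come from the request. Any logged-in
// user can therefore set core options such as users_can_register=1 and
// default_role=administrator, turning this into a takeover of the site.
add_action( 'wp_ajax_ou_example_update', function () {
    update_option( sanitize_key( $_POST['name'] ?? '' ), wp_unslash( $_POST['value'] ?? '' ) );
    wp_send_json_success();
} );

// Hardened: nonce, capability, and a closed map of option name => sanitizer,
// so the request can only pick from options the plugin owns.
const OU_EXAMPLE_OPTIONS = [
    'ou_example_enabled' => 'rest_sanitize_boolean',
    'ou_example_label'   => 'sanitize_text_field',
    'ou_example_limit'   => 'absint',
];

add_action( 'wp_ajax_ou_example_update_hardened', function () {
    check_ajax_referer( 'ou_example_update', 'nonce' );
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }
    $name = isset( $_POST['name'] ) ? (string) $_POST['name'] : '';
    if ( ! array_key_exists( $name, OU_EXAMPLE_OPTIONS ) ) {
        wp_send_json_error( 'unknown option', 400 );
    }
    $value = call_user_func( OU_EXAMPLE_OPTIONS[ $name ], wp_unslash( $_POST['value'] ?? '' ) );
    update_option( $name, $value );
    wp_send_json_success( [ 'option' => $name ] );
} );
```

The capability check alone is not enough here: an administrator-only handler that still takes an arbitrary option name remains a CSRF target without the nonce, and still lets a compromised lower-privilege path write core options if the check is ever weakened.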

28 Nov 2022

Privilege Escalation Vulnerability in ContentStudio

As discussed in a separate post, it looks like a hacker was probing for the WordPress plugin ContentStudio over the weekend. In looking over the plugin, we found that it is very insecure and contains a privilege escalation vulnerability.

In the file /contentstudio-plugin.php the plugin registers the function cstu_set_token() to run whenever WordPress loads: [Read more]

16 Nov 2022

Arbitrary File Upload Vulnerability in HTML WP

One way we help to improve the security of WordPress plugins, not just for customers of our service, but for everyone using them, is our proactive monitoring of changes made to plugins in the Plugin Directory to try to catch serious vulnerabilities. Through that, we caught one of those vulnerabilities, an arbitrary file upload vulnerability in a brand new plugin, HTML WP.

We now are also running all the plugins used by our customers through the same system used for the proactive monitoring on a weekly basis to provide additional protection for them. [Read more]
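
An added illustration of the arbitrary file upload class named above, not HTML WP’s own code (names prefixed hw_example_ are hypothetical): a handler that copies any uploaded file into the uploads directory under its original name, next to one that checks capability, nonce and file type and lets WordPress place the file.

```php
<?php
// Added example, not the plugin's code. Names prefixed hw_example_ are hypothetical.

// Problematic: reachable without logging in, no nonce, and the file keeps its
// original name and extension, so a .php upload lands in a web-served directory.
add_action( 'wp_ajax_hw_example_upload', 'hw_example_upload' );
add_action( 'wp_ajax_nopriv_hw_example_upload', 'hw_example_upload' );

function hw_example_upload() {
    $dir = wp_upload_dir();
    move_uploaded_file( $_FILES['file']['tmp_name'], $dir['path'] . '/' . $_FILES['file']['name'] );
    wp_send_json_success();
}

// Hardened: logged-in users with upload_files only, nonce, an explicit MIME
// allowlist checked against both extension and content, and wp_handle_upload()
// to choose a safe unique filename in the uploads directory.
const HW_EXAMPLE_MIMES = [
    'png'      => 'image/png',
    'jpg|jpeg' => 'image/jpeg',
    'pdf'      => 'application/pdf',
];

add_action( 'wp_ajax_hw_example_upload_hardened', function () {
    check_ajax_referer( 'hw_example_upload', 'nonce' );
    if ( ! current_user_can( 'upload_files' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }
    if ( empty( $_FILES['file'] ) || UPLOAD_ERR_OK !== $_FILES['file']['error'] ) {
        wp_send_json_error( 'no file', 400 );
    }
    // Compares the claimed extension with the detected content type; a PHP file
    // renamed to .png fails here because its contents are not a PNG.
    $check = wp_check_filetype_and_ext( $_FILES['file']['tmp_name'], $_FILES['file']['name'], HW_EXAMPLE_MIMES );
    if ( empty( $check['ext'] ) || empty( $check['type'] ) ) {
        wp_send_json_error( 'file type not allowed', 415 );
    }
    if ( ! function_exists( 'wp_handle_upload' ) ) {
        require_once ABSPATH . 'wp-admin/includes/file.php';
    }
    $result = wp_handle_upload( $_FILES['file'], [ 'test_form' => false, 'mimes' => HW_EXAMPLE_MIMES ] );
    if ( isset( $result['error'] ) ) {
        wp_send_json_error( $result['error'], 400 );
    }
    wp_send_json_success( [ 'url' => $result['url'] ] );
} );
```

The extension allowlist is the control that matters most: a handler that checks only the client-supplied MIME type, or only that a capability is present, still lets an authenticated attacker drop executable code where the web server will run it.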