7 Jun 2021

Poor Handling of Security in WordPress Plugin Directory Also Impacts ClassicPress Directory

On Friday we noted that we had started proactively monitoring the plugins in the plugin directory of the WordPress fork ClassicPress for serious security issues, and that we had also run the ClassicPress plugins available there through our Plugin Security Checker, which flags the possibility of additional, less serious issues. We found a couple of plugins with minor security issues through that, including one with a vulnerability. That vulnerability was promptly fixed. Also on Friday, we ran the six plugins from the WordPress Plugin Directory that are also included in ClassicPress’ directory through the same tool. We found that two of them had a really easy to spot minor vulnerability.

This is the kind of thing that the WordPress Plugin Directory Team could easily have systems in place to catch and automatically warn developers of. We have repeatedly offered to help them implement this type of thing, but, like other attempts to help them improve their poor handling of security, they have shown no interest. [Read more]

4 Jun 2021

Our First Check of the Security of ClassicPress Plugins Found a Minor Vulnerability

One way we help to improve the security of WordPress plugins, not just for our customers of our service, but for everyone using them, is our proactive monitoring of changes made to plugins in the Plugin Directory to try to catch serious vulnerabilities. We have now brought similar monitoring to the Plugin Directory for the WordPress fork ClassicPress. That directory includes both plugins developed for ClassicPress and some plugins directly from the WordPress Plugin Directory.

The structure of ClassicPress’ directory is different, so instead of checking over the changes being made, as we can do with WordPress, we check over all the plugins we can download at regular intervals. At this point we cannot process them all in an automated way because of a couple of issues with easily getting access to the download links (those might be in the process of being resolved), but we were able to check a significant number of them earlier this week and none of them had any code that was flagged. [Read more]

3 Jun 2021

A Hacker Looks to be Probing for Product Feed PRO for WooCommerce, This Vulnerability Could be Their Target

As part of the monitoring we do to make sure we are providing customers of our service with the best possible data on vulnerabilities in WordPress plugins they may use, we monitor for what look to be hackers probing for usage of plugins, so that we can quickly warn our customers of unfixed vulnerabilities that hackers are likely targeting. There was probing on our website yesterday for the plugin Product Feed PRO for WooCommerce by requesting these files:

/wp-content/plugins/woo-product-feed-pro/css/woosea_admin.css
/wp-content/plugins/woo-product-feed-pro/js/woosea_add_cart.js
/wp-content/plugins/woo-product-feed-pro/readme.txt [Read more]

28 May 2021

Our Proactive Monitoring Caught an Authenticated Option Update Vulnerability in Content Mask

One way we help to improve the security of WordPress plugins, not just for our customers of our service, but for everyone using them, is our proactive monitoring of changes made to plugins in the Plugin Directory to try to catch serious vulnerabilities. Through that we caught an authenticated option update vulnerability in the plugin Content Mask, which can also be exploited through cross-site request forgery (CSRF).

The possibility of this vulnerability is also flagged by our Plugin Security Checker, so you can check plugins you use to see if they might have similar issues with that tool. [Read more]

26 May 2021

A Hacker Looks to be Probing for Modern Event Calendar Lite, This Vulnerability Could be Their Target

As part of the monitoring we do to make sure we are providing customers of our service with the best possible data on vulnerabilities in WordPress plugins they may be using, we monitor for what look to be hackers probing for usage of plugins, so that we can quickly warn our customers of unfixed vulnerabilities that hackers are likely targeting. There was probing on our website today for the plugin Modern Events Calendar Lite by requesting these files:

/wp-content/plugins/modern-events-calendar-lite/assets/css/mecrtl.css
/wp-content/plugins/modern-events-calendar-lite/readme.txt
/wp-content/plugins/modern-events-calendar-lite/assets/js/events.js [Read more]

26 May 2021

Our Proactive Monitoring Caught an Authenticated Arbitrary File Upload Vulnerability Being Added to a WordPress Plugin

One way we help to improve the security of WordPress plugins, not just for our customers of our service, but for everyone using them, is our proactive monitoring of changes made to plugins in the Plugin Directory to try to catch serious vulnerabilities. Through that we caught a fairly serious vulnerability being introduced into the plugin Delicious Recipes, an authenticated arbitrary file upload vulnerability.

The cause of this is a lack of restriction on what types of files can be uploaded through the plugin’s functionality for uploading a profile photo. The function upload_profile_image() in the file /src/dashboard/class-delicious-recipes-form-handler.php handles the AJAX request for that: [Read more]

25 May 2021

Our Proactive Monitoring Caught Reflected XSS Vulnerabilities in a WordPress Plugin With 400,000+ Installs

One way we help to improve the security of WordPress plugins, not just for our customers of our service, but for everyone using them, is our proactive monitoring of changes made to plugins in the Plugin Directory to try to catch serious vulnerabilities. Through that we caught reflected cross-site scripting (XSS) vulnerabilities in the plugin ProfilePress, which has 400,000+ active installations.

The possibility of these vulnerabilities is also now flagged by our Plugin Security Checker, due to an improvement we made based on these vulnerabilities, so you can check plugins you use to see if they might have similar issues with that tool. The tool flags other possible security issues in the plugin, so we wouldn’t recommend using the plugin unless its security has been more broadly reviewed and corrected. [Read more]

24 May 2021

While Looking Into One Vulnerability Being Fixed in a WordPress Plugin, We Found Another One

The plugin Side Menu was closed on the WordPress Plugin Directory on Wednesday. On Friday a new version was submitted with the changelog entry “Fixed: Security parameters”. While checking over the vulnerability that was fixed in that version, we found that yet another vulnerability still exists in the plugin: a cross-site request forgery (CSRF)/local file inclusion (LFI) vulnerability.

Based on this vulnerability, we have improved our Plugin Security Checker’s detection of LFI vulnerabilities to flag code like the code in this plugin, so you can check plugins you use to see if they might have similar issues with that tool. [Read more]

9 Mar 2020

Fortinet’s FortiGuard Labs Is Putting Out Reports That Falsely Claim Vulnerabilities in WordPress Plugins Have Been Fixed

Recently, if you were relying on other sources for information on vulnerabilities in WordPress plugins you use, you would have seen it claimed that Envira Gallery Lite recently contained a vulnerability that was fixed in version 1.7.7.

Here is that on the CVE: [Read more]