9 Mar 2020

Our Proactive Monitoring Caught an Authenticated Option Update Vulnerability Being Introduced into SP Project & Document Manager

One of the ways we help to improve the security of WordPress plugins, not just for the customers of our service but for everyone using them, is our proactive monitoring of changes made to plugins in the Plugin Directory to try to catch serious vulnerabilities. Through that we caught an authenticated option update vulnerability being introduced into the plugin SP Project & Document Manager, which can also be exploited through cross-site request forgery (CSRF).

The possibility of this vulnerability is also flagged by our Plugin Security Checker, so you can check plugins you use with that tool to see if they might have similar issues. The tool flags other possible security issues in the plugin, so we wouldn’t recommend using the plugin unless its security has been more broadly reviewed and corrected. [Read more]

4 Mar 2020

Authenticated Information Disclosure Vulnerability in WP Ultimate Exporter

On Monday, while looking into why the plugin WP Ultimate CSV Importer was being targeted by a hacker, we noticed that the companion plugin WP Ultimate Exporter is similarly insecure and contains an authenticated information disclosure vulnerability, which can also be exploited through cross-site request forgery (CSRF). This isn’t the first time we have found an issue with this plugin, and we put out a general warning about the security of the developer’s plugins back in 2016.

The plugin registers the function parseData() to be accessible through WordPress’ AJAX functionality to anyone logged in to WordPress: [Read more]

3 Mar 2020

Bad Practices by Fortinet and the WPScan Vulnerability Database Lead to False Claim of Vulnerability Being Fixed in WordPress Plugin

Years ago we recommended data from the WPScan Vulnerability Database as a good alternative to our service, since while their data was of lower quality, it was available for free. Now more and more of that access is being charged for, while the quality of the data has gotten worse since we used to recommend it. Here is a recent example of that, which also shows how bad practices by Fortinet made it hard to figure out when they screwed up in disclosing a vulnerability.

Here is the current version of the entry from WPScan of a vulnerability in Testimonials: [Read more]

2 Mar 2020

Hackers May Already Be Targeting This Authenticated Arbitrary File Upload Vulnerability in WP Ultimate CSV Importer

As part of the monitoring we do to make sure we are providing customers of our service with the best possible data on vulnerabilities in WordPress plugins they may be using, we watch for what look to be hackers probing for usage of plugins, so that we can quickly warn our customers of unfixed vulnerabilities that hackers are likely targeting. There was probing on our website yesterday for the plugin WP Ultimate CSV Importer by requesting these files:

  • /wp-content/plugins/wp-ultimate-csv-importer/assets/css/deps/csv-importer-free.css
  • /wp-content/plugins/wp-ultimate-csv-importer/wp-ultimate-csv-importer.md

Like the previous plugins we discussed last week that appear to be targeted by this campaign, the plugin is very insecure. The most serious vulnerability we noticed in it would probably be an authenticated arbitrary file upload vulnerability. [Read more]

28 Feb 2020

Hackers May Already Be Targeting This Authenticated Persistent XSS Vulnerability in Live Preview for Contact Form 7

As part of the monitoring we do to make sure we are providing customers of our service with the best possible data on vulnerabilities in WordPress plugins they may be using, we watch for what look to be hackers probing for usage of plugins, so that we can quickly warn our customers of unfixed vulnerabilities that hackers are likely targeting. There was probing on our website today for the plugin Live Preview for Contact Form 7 by requesting these files:

  • /wp-content/plugins/cf7-live-preview/assets/js/cf7-live-preview.js
  • /wp-content/plugins/cf7-live-preview/assets/css/cf7-live-preview.css
  • /wp-content/plugins/cf7-live-preview/README.txt

Like the previous plugins we discussed this week that look to be part of the same campaign, this plugin also contains an authenticated persistent cross-site scripting (XSS) vulnerability, so that would be a likely target for the hacker. [Read more]

28 Feb 2020

Recently Closed WordPress Plugin with 60,000+ Installs Contains Multiple Vulnerabilities

The plugin Contact Form Submissions was closed on the WordPress Plugin Directory yesterday. It is one of the 1,000 most popular plugins, with 60,000+ installs, so we were alerted to its closure. While we were looking into the plugin to see if there were any serious vulnerabilities we should be warning users of the plugin that also use our service about, we found that it contains a CSV injection vulnerability and an authenticated SQL injection vulnerability, which can also be exploited through cross-site request forgery (CSRF).

The CSV injection vulnerability involves a lack of escaping when using the plugin’s “Export to CSV” feature, as can be confirmed with the proof of concept below. [Read more]

27 Feb 2020

Cross-Site Request Forgery (CSRF)/Arbitrary File Deletion Vulnerability in Order / Coupon / Subscription Export Import Plugin for WooCommerce

While looking into something else related to the security of the plugin Order / Coupon / Subscription Export Import Plugin for WooCommerce (Order Export & Order Import for WooCommerce) we found that the latest version introduced a cross-site request forgery (CSRF)/arbitrary file deletion vulnerability.

In the new version these lines of code were added to the file /includes/importer/class-wf-orderimpexpcsv-order-import.php: [Read more]

26 Feb 2020

Hackers May Already Be Targeting This Authenticated Persistent XSS Vulnerability in Easy Forms for Mailchimp

As part of the monitoring we do to make sure we are providing customers of our service with the best possible data on vulnerabilities in WordPress plugins they may be using, we watch for what look to be hackers probing for usage of plugins, so that we can quickly warn our customers of unfixed vulnerabilities that hackers are likely targeting. There was probing on our website today for the plugin Easy Forms for Mailchimp by requesting these files:

  • /wp-content/plugins/yikes-inc-easy-mailchimp-extender/admin/js/yikes-inc-easy-mailchimp-dashboard-widget.js
  • /wp-content/plugins/yikes-inc-easy-mailchimp-extender/public/js/form-submission-helpers.js
  • /wp-content/plugins/yikes-inc-easy-mailchimp-extender/readme.txt

In a quick check over the plugin we found that it contains numerous security issues, so we would recommend that the plugin get a thorough security review before being used. Like the previous plugins we discussed this week that look to be part of the same campaign, this plugin also contains an authenticated persistent cross-site scripting (XSS) vulnerability, so that would be a likely target for the hacker. Since the plugin has 100,000+ installs, it is more likely that a hacker can find websites that allow untrusted individuals access to WordPress accounts, which is what is needed to exploit it. [Read more]

24 Feb 2020

Hackers May Already Be Targeting This Authenticated Persistent XSS Vulnerability in Advanced Post List

As part of the monitoring we do to make sure we are providing customers of our service with the best possible data on vulnerabilities in WordPress plugins they may be using, we watch for what look to be hackers probing for usage of plugins, so that we can quickly warn our customers of unfixed vulnerabilities that hackers are likely targeting. There was probing on our website today for the plugin Advanced Post List by requesting these files:

  • /wp-content/plugins/advanced-post-list/readme.txt
  • /wp-content/plugins/advanced-post-list/admin/js/apl-notices.js
  • /wp-content/plugins/advanced-post-list/admin/css/admin.css

When we started reviewing the plugin we immediately found a vulnerability that matches the type we have seen in plugins being probed for in a similar way in the past (including the other plugin we saw probed for today), an authenticated persistent cross-site scripting (XSS) vulnerability. [Read more]

24 Feb 2020

Hackers May Already Be Targeting This Authenticated Persistent XSS Vulnerability in IMPress for IDX Broker

As part of the monitoring we do to make sure we are providing customers of our service with the best possible data on vulnerabilities in WordPress plugins they may be using, we watch for what look to be hackers probing for usage of plugins, so that we can quickly warn our customers of unfixed vulnerabilities that hackers are likely targeting. There was probing on our website today for the plugin IMPress for IDX Broker by requesting these files:

  • /wp-content/plugins/idx-broker-platinum/readme.txt
  • /wp-content/plugins/idx-broker-platinum/assets/js/idx-leads.js
  • /wp-content/plugins/idx-broker-platinum/assets/css/idx-admin.css

When we started reviewing the plugin we immediately found a vulnerability that matches the type we have seen in plugins being probed for in a similar way in the past, an authenticated persistent cross-site scripting (XSS) vulnerability. [Read more]