30 Sep

WebARX’s Idea of Threat Intelligence Involves Copying From the Low Quality Data of the WPScan Vulnerability Database

The phrase “threat intelligence” seems to be becoming popular among security companies that are more focused on BSing than on doing the work that threat intelligence would entail, with poor results for their customers (up to their customers getting unnecessarily hacked). We recently ran across a post from WebARX, which we will get to the details of in a second, but at the end of it was this claim:

Threat intelligence and prevention is our main focus and thus our firewall engine is updated on a daily basis. [Read more]

10 Jul

WebARX Claims to “Protect Websites from Plugin Vulnerabilities”, but Doesn’t Even Have a Good Grasp of Them

When we mentioned the web security provider WebARX back in March, it was in the context of their service providing less protection against a WordPress plugin vulnerability than simply keeping plugins up to date, while they made it seem otherwise. That is a pretty big issue when their service is prominently promoted with the claim that it can “Protect websites from plugin vulnerabilities”, as can be seen on their homepage:

[Read more]

06 May

Apparent Exploits of Vulnerability in Blog Designer Reminder of the Importance of Keeping Your WordPress Plugins Up to Date

Last Tuesday we warned about a vulnerability likely to be exploited in the plugin Blog Designer. Unlike another WordPress plugin vulnerability we ran across recently in a similar situation, this one was quickly fixed and the plugin reopened on the Plugin Directory the next day (the vulnerability had been independently discovered by WebARX).

Through the monitoring we do to keep track of discussions on the WordPress Support Forum possibly related to vulnerabilities in WordPress, which we do to make sure we are providing our customers with the best possible data on vulnerabilities in WordPress plugins they use, we have run across reports that this is now being exploited. Here is one: [Read more]

26 Mar

WebARX Hides That Their Firewall Failed To Provide Same Protection Simply Updating WordPress Plugin Would Have

Yesterday a company named WebARX discussed a vulnerability we had discovered in a WordPress plugin named Social Warfare, though you wouldn’t know that if you read their post:

Last week, an unnamed security researcher publicly disclosed security vulnerabilities in the popular WordPress plugin “Social Warfare“. [Read more]

13 Feb

The Missing Story About WordPress Plugin Developers’ Failure To Make Sure Their Plugins Are Secure

Coverage of WordPress plugin vulnerabilities is rather poor and coverage of an authenticated option update vulnerability in the plugin Simple Social Buttons disclosed on Monday was no exception. For example, you had a security journalist that frequently spreads false and misleading information, Catalin Cimpanu, make this statement in regards to WordPress:

Some sites are inherently protected against this vulnerability, as their admins have already blocked user registration due to security reasons. [Read more]