Login

Tag Archives: Woocommerce Pay.nl Payment Methods

11 Dec 2018

Vulnerability Details: Arbitrary File Viewing in Woocommerce Pay.nl Payment Methods

In a nasty reminder of why it is a good idea for plugin developers to pair to only the files they need from third party libraries, our proactive monitoring of changes being made to WordPress plugins to try to catch serious vulnerabilities when they are introduced in to plugins spotted a possible security issue in code being removed from the plugin Woocommerce Pay.nl Payment Methods and what we found was that for 22 months the plugin had several serious security issues due to a test file from the library PHP Curl Class. One of those being the ability to view arbitrary files on the website. We are in the process of contacting the developer of the library about this.

[Read more]

11 Dec 2018

Vulnerability Details: Arbitrary File Deletion in Woocommerce Pay.nl Payment Methods

In a nasty reminder of why it is a good idea for plugin developers to pair to only the files they need from third party libraries, our proactive monitoring of changes being made to WordPress plugins to try to catch serious vulnerabilities when they are introduced in to plugins spotted a possible security issue in code being removed from the plugin Woocommerce Pay.nl Payment Methods and what we found was that for 22 months the plugin had several serious security issues due to a test file from the library PHP Curl Class. One of those being the ability to delete arbitrary files on the website. We are in the process of contacting the developer of the library about this.

[Read more]

11 Dec 2018

Vulnerability Details: Restricted File Upload in Woocommerce Pay.nl Payment Methods

In a nasty reminder of why it is a good idea for plugin developers to pair to only the files they need from third party libraries, our proactive monitoring of changes being made to WordPress plugins to try to catch serious vulnerabilities when they are introduced in to plugins spotted a possible security issue in code being removed from the plugin Woocommerce Pay.nl Payment Methods and what we found was that for 22 months the plugin had several serious security issues due to a test file from the library PHP Curl Class. One of those being a restricted file upload vulnerability. We are in the process of contacting the developer of the library about this.

[Read more]