25 Sep

WordPress Support Forum Moderators Engaged In Cover Up of Security Issues in WordPress Plugins

One of the really unfortunate things about the security issues related to WordPress plugins is how often people on the WordPress side of things are actually actively making things worse. Just yesterday we ran into another example, which at best shows they are engage in misguided behavior and are unable to work effectively with others who are actually trying to improve security.

[Read more]

24 Sep

Vulnerability Details: Same Origin Method Execution (SOME) Vulnerability in WooCommerce Product Addons (N-Media WooCommerce PPOM)

This Vulnerability Details post about a vulnerability in the plugin N-Media WooCommerce PPOM provides the details of a vulnerability we ran across while collecting data on vulnerabliities discovered by others for our data set on vulnerabilities in WordPress plugins, so its contents are limited to customers of our service. If you are not currently a customer, you can sign up for free here. There are a lot of other reason that you will want to sign up beyond access to posts like this one, including that you would have already been warned about this vulnerability if your website was vulnerable due to it.

[Read more]

21 Sep

Vulnerability Details: Parameter Tampering Vulnerability in WooCommerce Product Addons (N-Media WooCommerce PPOM)

This Vulnerability Details post about a vulnerability in the plugin N-Media WooCommerce PPOM provides the details of a vulnerability we ran across while collecting data on vulnerabliities discovered by others for our data set on vulnerabilities in WordPress plugins, so its contents are limited to customers of our service. If you are not currently a customer, you can sign up for free here. There are a lot of other reason that you will want to sign up beyond access to posts like this one, including that you would have already been warned about this vulnerability if your website was vulnerable due to it.

[Read more]