06 Sep

Arbitrary File Upload Vulnerability in Woocommerce Product Designer

Last week we looked at a recent example of the security industry vastly overstating the impact of a vulnerability. That instance involved a reflected cross-site scripting (XSS) vulnerability in a plugin used with the popular WordPress eCommerce plugin WooCommerce. What that situation also highlighted is the poor state of detection of vulnerabilities in WordPress plugins. Here is what the discoverer, SiteLock, wrote about finding it:
