01 Feb

What Happened With WordPress Plugin Vulnerabilities in January 2018

If you want the best information, and therefore the best protection, against vulnerabilities in WordPress plugins, we provide that through our service. Here is what we did to keep those already using our service secure from WordPress plugin vulnerabilities during January (and what you have been missing out on if you haven’t signed up yet): Plugin [Read more]

16 Jun

Vulnerability Details: Reflected Cross-Site Scripting (XSS) Vulnerability in WordPress Download Manager

From time to time a vulnerability is fixed in a plugin without the discoverer putting out a report on the vulnerability and we will put out a post detailing the vulnerability so that we can provide our customers with more complete information on the vulnerability. There are a number of reasons we believe it is a [Read more]

16 Jun

Vulnerability Details: Authenticated Open Redirect in WordPress Download Manager

From time to time a vulnerability is fixed in a plugin without the discoverer putting out a report on the vulnerability and we will put out a post detailing the vulnerability so that we can provide our customers with more complete information on the vulnerability. An advisory was released by the JPCERT/CC and IPA that an open [Read more]

27 Jun

Authenticated Arbitrary File Upload Vulnerability in WordPress Download Manager

Two weeks ago we found an arbitrary file upload vulnerability in the plugin XData Toolkit. After finding that, we wanted to see if there were any very popular plugins that might have a similar issue in them. We didn’t find any with such a serious issue, but we did find that the WordPress Download Manager plugin, which [Read more]