18 Apr

Vulnerability Details: Reflected Cross-Site Scripting (XSS) in WordPress Download Manager

This post provides the details of a vulnerability in the WordPress plugin WordPress Download Manager not discovered by us, where the discoverer hadn’t provided the details needed for us to confirm the vulnerability while we were adding it to the data set for our service, so its contents are limited to subscribers of our service. If you are not currently a subscriber, you can try out the service to help protect your website for free and then you can view the contents of the post. There are a lot of other reason that you will want to sign up beyond access to posts like this one, including that you would have already been warned about this vulnerability if your website is vulnerable due to it.

[Read more]

01 Feb

What Happened With WordPress Plugin Vulnerabilities in January 2018

If you want the best information and therefore best protection against vulnerabilities in WordPress plugins we provide you that through our service.

[Read more]

16 Jun

Vulnerability Details: Reflected Cross-Site Scripting (XSS) Vulnerability in WordPress Download Manager

This post provides the details of a vulnerability in the WordPress plugin WordPress Download Manager not discovered by us, where the discoverer hadn’t provided the details needed for us to confirm the vulnerability while we were adding it to the data set for our service, so its contents are limited to subscribers of our service. If you are not currently a subscriber, you can try out the service to help protect your website for free and then you can view the contents of the post. There are a lot of other reason that you will want to sign up beyond access to posts like this one, including that you would have already been warned about this vulnerability if your website is vulnerable due to it.

[Read more]

16 Jun

Vulnerability Details: Authenticated Open Redirect in WordPress Download Manager

This post provides the details of a vulnerability in the WordPress plugin WordPress Download Manager not discovered by us, where the discoverer hadn’t provided the details needed for us to confirm the vulnerability while we were adding it to the data set for our service, so its contents are limited to subscribers of our service. If you are not currently a subscriber, you can try out the service to help protect your website for free and then you can view the contents of the post. There are a lot of other reason that you will want to sign up beyond access to posts like this one, including that you would have already been warned about this vulnerability if your website is vulnerable due to it.

[Read more]

27 Jun

Authenticated Arbitrary File Upload Vulnerability in WordPress Download Manager

Two weeks ago we found an arbitrary file upload vulnerability in the plugin XData Toolkit. After finding that we wanted to see if there were any very popular plugins that might have similar issue in them. We didn’t find any with such a serious issue, but we did find that the WordPress Download Manger plugin, which has 80,000+ active install according to wordpress.org, does have a more limited arbitrary file upload issue.

[Read more]