Back in June we introduced a new feature to our service where we try to proactively catch some serious vulnerabilities in WordPress plugins. The original idea was to catch vulnerabilities as they are being introduced into plugins, but as we started working on that we realized that our approach would also catch existing vulnerabilities if they were in code being changed in a plugin. Since we started doing that work we have disclosed 15 vulnerabilities that we have identified (more will be disclosed soon). So far those had all been vulnerabilities that were pre-existing in plugins, but last week for the first time we caught a serious vulnerability as it was introduced into a plugin. The vulnerability is a PHP object injection vulnerability introduced in two locations in version 1.2.2 of the plugin WordPress Meta Data and Taxonomies Filter.
That version makes a new function mdf_search_panel() available through WordPress’ AJAX functionality to both those logged in to WordPress and those not logged in (in the file /classes/shortcodes.php):