31 Mar 2017

WordPress Plugin Security Review: Easy Digital Downloads

For our fifth security review of a plugin based on the voting of our customers, we reviewed the plugin Easy Digital Downloads.

If you are not yet a customer of the service you can currently try it free for your first month and then start suggesting and voting on plugins to get security reviews after your first payment for the service. For those already using the service that haven’t already suggested and voted for plugins you can start doing that here. [Read more]

20 Mar 2017

WordPress Plugin Security Review: Cloudflare

For our sixth security review of a plugin based on the voting of our customers (we are still waiting to release the results of the fifth until after the developer has a chance to fix the most serious issue found), we reviewed the plugin Cloudflare.

[Read more]

22 Feb 2017

WordPress Plugin Security Review: Democracy Poll

For our fourth security review of a plugin based on the voting of our customers, we reviewed the plugin Democracy Poll.

[Read more]

23 Jan 2017

WordPress Plugin Security Review: Crayon Syntax Highlighter

For our third security review of a plugin based on the voting of our customers, we reviewed the plugin Crayon Syntax Highlighter.

[Read more]

17 Jan 2017

WordPress Plugin Security Review: WangGuard

Last week we did the first release of results from our security reviews of WordPress plugins selected by our customers. That actually involved the second plugin we reviewed, though, as we were waiting to hear back from the developer of the first plugin we reviewed, WangGuard, after notifying them of the security issues we found. It has now been two weeks without a response from the developer or fixes for the vulnerabilities (it looks like the plugin might not be supported anymore), so we will disclose the results now. One of the issues found is something that will usually cause a plugin to be removed from the Plugin Directory, so the plugin will likely be removed from it shortly.

[Read more]

9 Jan 2017

WordPress Plugin Security Review: SSL Insecure Content Fixer

Back in November we announced that we would be doing security reviews of WordPress plugins selected by our customers. We recently got the first suggestions/votes for plugins to review and started doing the reviews based on the results so far (if you are a customer and haven’t suggested plugins or voted for those suggested by others you can do that here). The first review identified a number of issues, which we have notified the developer of, but so far we have not heard back from them and they have not been fixed, so we are holding back releasing the results of that at the moment. In the meantime we have completed the second review, which was done on version 2.2.1 of SSL Insecure Content Fixer.

Since we announced this feature of the service, we have added one item to those that we check during the review: deserialization of untrusted data, which can lead to PHP object injection. We have recently seen several cases where that type of vulnerability either was being exploited or was likely being exploited in WordPress plugins. The full list of items we checked for during the review is: [Read more]