07 Dec

Not Really a WordPress Plugin Vulnerability, Week of December 7

In reviewing reports of vulnerabilities in WordPress plugins we often find that there are reports for things that don’t appear to be vulnerabilities. For more problematic reports we release posts detailing why the vulnerability reports are false, but there have been a lot that we haven’t felt rose to that level. In particular are items [Read more]

12 Oct

Vulnerability Details: Reflected Cross-Site Scripting (XSS) Vulnerability in WP Editor

This Vulnerability Details post about a vulnerability in the plugin WP Editor provides the details of a vulnerability we didn’t discover and access to it is limited to customers of our service, unlike the posts on vulnerabilities we have discovered, which are freely available and give you an idea of what information is provided in [Read more]

23 May

We Correctly Identified The Vulnerabilities That Hackers Were Looking to Exploit in WP Editor

A couple of weeks ago we started seeing requests for a file from the plugin WP Editor and suspected that the requests were from someone looking for websites using the plugin, to exploit some vulnerability in the plugin. After seeing that we started trying to figure out what the hacker was hoping to exploit, so [Read more]

13 May

Authenticated File Viewing Vulnerability in WP Editor

The security vulnerabilities we previously disclosed in WP Editor have now been fixed in version 1.2.6; hopefully those or something else fixed in that version was what hackers are trying to exploit. While looking around for other security issues in the plugin we found another vulnerability that had existed in and all versions below, which was [Read more]

12 May

Authenticated File Modification Vulnerability in WP Editor

As discussed in more detail in the post for the other vulnerability we found in the WP Editor plugin, we recently started seeing requests for a file in this plugin on one of our websites and we believe that it was checking for use of the plugin before exploiting it. After seeing that we [Read more]

12 May

Authenticated Arbitrary File Upload Vulnerability in WP Editor

To stay on top of vulnerabilities in WordPress plugins for you, we monitor a number of different sources. One of them is hacking attempts on our websites, which mostly identifies fairly old vulnerabilities that we haven’t yet included in our data. In the case of one vulnerability from back in 2012 we discovered that the vulnerability had [Read more]