2 Jan 2019

Our Proactive Monitoring Caught an Authenticated Arbitrary File Upload Vulnerability in WP Githuber MD

One of the ways we help to improve the security of WordPress plugins, not just for our customers but for everyone using them, is our proactive monitoring of changes made to plugins in the Plugin Directory to try to catch serious vulnerabilities. Through that we caught a more limited variant of one of the most likely to be exploited types of vulnerabilities as it was being introduced into a plugin: an authenticated arbitrary file upload vulnerability in the plugin WP Githuber MD. In this case anyone with access to a WordPress account with at least the Author role could use it to gain complete control of the website.
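To make the class of bug concrete, here is an added illustration in PHP of what an authenticated arbitrary file upload in a WordPress plugin typically looks like next to a hardened version. This is example code written for this page, not WP Githuber MD's code, and the function and AJAX action names (`example_vuln_upload`, `example_safe_upload`, the `example_upload_nonce` nonce) are hypothetical. The WordPress APIs used (`current_user_can`, `check_ajax_referer`, `wp_handle_upload`, `wp_upload_dir`) are real core functions.

```php
<?php
/*
 * Added illustration, not the plugin's code.
 * Shows why "authenticated" plus "arbitrary" is enough for site takeover:
 * the Author role has the upload_files capability, and a PHP file written
 * under wp-content/uploads is executed by the web server on most hosts.
 */

// VULNERABLE (hypothetical handler): any logged-in user can reach this
// through admin-ajax.php. There is no nonce, no capability check beyond
// being logged in, no type check, and the attacker-controlled filename is
// used as-is, so a request with file name "shell.php" lands a webshell.
function example_vuln_upload() {
    if ( ! is_user_logged_in() ) {
        wp_die( 'Forbidden' );
    }
    $uploads = wp_upload_dir();
    // $_FILES['file']['name'] is fully attacker controlled.
    $target = $uploads['basedir'] . '/' . $_FILES['file']['name'];
    move_uploaded_file( $_FILES['file']['tmp_name'], $target );
    wp_send_json_success(
        array( 'url' => $uploads['baseurl'] . '/' . $_FILES['file']['name'] )
    );
}
add_action( 'wp_ajax_example_vuln_upload', 'example_vuln_upload' );

// HARDENED (hypothetical handler): CSRF nonce, an explicit capability
// check, and WordPress' own upload pipeline, which sanitizes the name,
// runs wp_check_filetype_and_ext() and refuses types not in the allow list.
function example_safe_upload() {
    // wp_handle_upload() lives in wp-admin/includes/file.php; admin-ajax.php
    // already loads it, the require is here so the handler is self-contained.
    require_once ABSPATH . 'wp-admin/includes/file.php';

    check_ajax_referer( 'example_upload_nonce', 'nonce' );
    if ( ! current_user_can( 'upload_files' ) ) {
        wp_send_json_error( 'Forbidden', 403 );
    }
    if ( empty( $_FILES['file'] ) ) {
        wp_send_json_error( 'No file', 400 );
    }

    // Restrict this endpoint to the types it actually needs. PHP is never
    // in WordPress' default allowed MIME list, but an explicit allow list
    // keeps the endpoint narrow even if a site filter widens the defaults.
    $overrides = array(
        'test_form' => false,
        'mimes'     => array(
            'jpg|jpeg' => 'image/jpeg',
            'png'      => 'image/png',
            'gif'      => 'image/gif',
        ),
    );
    $result = wp_handle_upload( $_FILES['file'], $overrides );
    if ( isset( $result['error'] ) ) {
        wp_send_json_error( $result['error'], 400 );
    }
    wp_send_json_success( array( 'url' => $result['url'] ) );
}
add_action( 'wp_ajax_example_safe_upload', 'example_safe_upload' );
```

When reviewing a plugin's upload code, the three things to look for are the ones the vulnerable handler lacks: a nonce or other CSRF protection, a capability check that matches what the feature needs (and an understanding that `upload_files` is granted to Authors, so "authenticated" is a low bar), and a filename and type check that cannot be bypassed by the client-supplied name or `Content-Type`. As defense in depth, disabling PHP execution in the uploads directory at the web server level limits the damage if such a check is missed.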

This vulnerability is yet another good reason to check the plugins you use with our Plugin Security Checker, since it can alert you if plugins you use possibly contain a similar issue (and possibly contain a lot of other serious vulnerabilities). The check that flagged this is part of a recent improvement to our detection of possible file upload vulnerabilities, so even if you checked your plugins before, you might find they are now flagged. From there, if you are a paying customer of our service you can suggest/vote for a plugin to receive a security review that will check over that, or you can order the same type of review separately.