02 Jan

Our Proactive Monitoring Caught an Authenticated Arbitrary File Upload Vulnerability in WP Githuber MD

One of the ways we help to improve the security of WordPress plugins, not just for our customers, but for everyone using them, is theĀ proactive monitoring of changes made to plugins in the Plugin Directory to try to catch serious vulnerabilities. Through that we caught a more limited variant of one of the most likely to be exploited types of vulnerabilities as it was being introduced in to a plugin. That being an authenticated arbitrary file upload vulnerability in the plugin WP Githuber MD, which in this case would provide hackers who have access to a WordPress account with at least the Author role with the ability to gainĀ complete control of the website.

[Read more]