4 Feb 2019

Vulnerability Details: Reflected XSS in WP Support Plus Responsive Ticket System

The changelog for the latest version of WP Support Plus Responsive Ticket System is “Fix : HTML injection security issues fixed”. Looking at the changes made in that version, there were numerous instances where an attempt was made to escape variables, mostly using htmlentities(), which is not the function that should be used for that. In trying to figure out whether an actual vulnerability was fixed (versus a merely precautionary change), we ran the previous version of the plugin through our Plugin Security Checker tool. The results indicated a few instances where escaping had been added at places the tool had previously flagged as possible issues. A quick check confirmed that those were vulnerable and that the related change did not fix the vulnerability.


[Read more]

2 Mar 2018

What Happened With WordPress Plugin Vulnerabilities in February 2018

If you want the best information, and therefore the best protection, against vulnerabilities in WordPress plugins, we provide that through our service.

Here is what we did to keep those who are already using our service secure from WordPress plugin vulnerabilities during February (and what you have been missing out on if you haven’t signed up yet): [Read more]

16 Feb 2018

Our Proactive Monitoring Caught a PHP Object Injection Vulnerability in a Fairly Popular Plugin

One of the ways we help to improve the security of WordPress plugins, not just for our customers but for everyone using them, is the proactive monitoring of changes made to plugins in the Plugin Directory to try to catch serious vulnerabilities. That has again led to us catching a vulnerability in a fairly popular plugin, of a type that hackers are likely to exploit if they know about it. Since the check used to spot this is also included in our Plugin Security Checker (which is now accessible through a WordPress plugin of its own), it is another reminder of how that tool can help to indicate which plugins are in greater need of a security review (which we do as part of our service as well as separately).

In the plugin WP Support Plus Responsive Ticket System, which has 10,000+ active installations according to wordpress.org, as of version 9.0.3 the values of cookies were passed through the unserialize() function, which could lead to PHP object injection. Two of the instances that occurred were in the function get_current_user_session() (in the file /includes/class-wpsp-functions.php): [Read more]
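To show why a cookie reaching unserialize() matters, here is an added illustration, not code from the plugin: a hypothetical session lookup that deserializes a cookie directly, beside two versions that do not let the cookie instantiate application classes. The class LoggerHandle, the function names and the cookie name wpsp_session are constructed for the example.

```php
<?php
// Added illustration; not the plugin's code. All names are hypothetical.
// Any class with a magic method (__wakeup, __destruct, __toString) is a
// potential gadget once attacker-controlled data reaches unserialize().
// This harmless class only counts how often __wakeup() is triggered.
class LoggerHandle {
    public static $wakeups = 0;
    public $path = '/tmp/constructed-example.log';
    public function __wakeup() { self::$wakeups++; }
}

// Vulnerable pattern: the cookie is attacker-controlled, so any class the
// application has loaded can be instantiated and its magic methods run.
// (stripslashes() mirrors WordPress adding slashes to $_COOKIE values.)
function get_session_vulnerable(array $cookies) {
    if (!isset($cookies['wpsp_session'])) {
        return null;
    }
    return unserialize(stripslashes($cookies['wpsp_session']));
}

// Hardened pattern 1: keep the serialized format but refuse objects.
// With allowed_classes => false (PHP >= 7.0) every object becomes
// __PHP_Incomplete_Class, so no __wakeup()/__destruct() of app classes runs.
function get_session_no_objects(array $cookies) {
    if (!isset($cookies['wpsp_session'])) {
        return null;
    }
    $data = unserialize(stripslashes($cookies['wpsp_session']), ['allowed_classes' => false]);
    return is_array($data) ? $data : null;
}

// Hardened pattern 2 (preferred for new code): store only scalar session
// data as JSON; json_decode() never creates application objects.
function get_session_json(array $cookies) {
    if (!isset($cookies['wpsp_session'])) {
        return null;
    }
    $data = json_decode($cookies['wpsp_session'], true);
    return is_array($data) ? $data : null;
}

// Constructed cookie carrying a serialized LoggerHandle object.
$cookie = ['wpsp_session' => serialize(new LoggerHandle())];
var_dump(get_session_vulnerable($cookie) instanceof LoggerHandle); // bool(true)
var_dump(LoggerHandle::$wakeups);                                  // int(1): magic method ran
var_dump(get_session_no_objects($cookie));                         // NULL: object refused
var_dump(LoggerHandle::$wakeups);                                  // int(1): unchanged
var_dump(get_session_json(['wpsp_session' => '{"user":"alice"}'])); // array(1) { ["user"]=> "alice" }
```

The fix for such code is to stop deserializing untrusted input at all (JSON), or, where the format cannot change, to pass allowed_classes => false so the cookie can no longer select which class gets instantiated.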