10 Nov

Cross-Site Request Forgery (CSRF)/File Deletion Vulnerability in XCloner

When it comes to false reports of vulnerabilities in WordPress plugins, one popular source of them is claimed vulnerabilities that can only be exploited by Administrator-level users, which is the highest level of user (unless you are using WordPress Multisite). Apparently it isn’t common sense to a lot of people that someone that [Read more]

28 Jul

False Vulnerability Report: Stored XSS in XCloner

As part of cataloging the vulnerabilities in WordPress plugins for our service, we come across false reports of vulnerabilities from time to time. So that others don’t spend their time looking over these as well, we post our findings on them. One of the problems in determining if a report of a vulnerability in a [Read more]