15 Jun 2016

Arbitrary File Upload Vulnerability in XData Toolkit

Recently we have been finding a lot of vulnerabilities in WordPress plugins by looking into plugins that it looks like hackers have been probing for the use of on our websites. Today we got such a request for the file /wp-content/plugins/xdata-toolkit/css/timepicker.css, which is part of the plugin XData Toolkit. In looking into what the hackers might be trying to exploit, one of the first things we noticed was that the plugin only has 70+ active installs and hasn’t been updated in four years according to wordpress.org:

[Image: xdata-toolkit]
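One way to do the kind of log triage described above, as an added example that is not from the original post: it scans access-log lines for requests under /wp-content/plugins/ and groups them by plugin slug, keeping only plugins that are not installed on the site. The combined log format, the sample lines and the installed-plugin set are constructed assumptions.

```python
import re

# Combined log format: client ident user [time] "METHOD target PROTO" status ...
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) ')
PLUGIN_RE = re.compile(r'^/wp-content/plugins/([A-Za-z0-9._-]+)/')

def probed_plugins(lines, installed):
    """Group requests for files of plugins that are not installed.

    Returns {slug: {"hits": int, "clients": set, "paths": set}}.
    """
    found = {}
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not in the expected log format
        client, _method, target, _status = m.groups()
        # Drop the query string and collapse repeated slashes before matching
        path = re.sub(r'/+', '/', target.split('?', 1)[0])
        pm = PLUGIN_RE.match(path)
        if not pm:
            continue
        slug = pm.group(1).lower()
        if slug in installed:
            continue  # normal traffic for a plugin the site really uses
        entry = found.setdefault(slug, {"hits": 0, "clients": set(), "paths": set()})
        entry["hits"] += 1
        entry["clients"].add(client)
        entry["paths"].add(path)
    return found

# Constructed sample input (documentation IP ranges), not real log data
SAMPLE_LOG = [
    '203.0.113.7 - - [15/Jun/2016:10:01:02 +0000] "GET /wp-content/plugins/xdata-toolkit/css/timepicker.css HTTP/1.1" 404 512 "-" "-"',
    '198.51.100.9 - - [15/Jun/2016:10:05:40 +0000] "GET //wp-content/plugins/xdata-toolkit/css/timepicker.css?x=1 HTTP/1.1" 404 512 "-" "-"',
    '203.0.113.7 - - [15/Jun/2016:10:06:00 +0000] "GET /wp-content/plugins/akismet/readme.txt HTTP/1.1" 200 900 "-" "-"',
    '192.0.2.4 - - [15/Jun/2016:10:07:00 +0000] "GET /index.php HTTP/1.1" 200 4000 "-" "-"',
]
INSTALLED = {"akismet"}  # assumed set of plugin slugs present on this site

if __name__ == "__main__":
    report = probed_plugins(SAMPLE_LOG, INSTALLED)
    for slug, info in sorted(report.items(), key=lambda kv: -kv[1]["hits"]):
        print(slug, info["hits"], sorted(info["clients"]), sorted(info["paths"]))
```

Slugs that show up here with hits from several unrelated clients are the ones worth checking against wordpress.org for install counts and last-update dates.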