14 Feb 2023

Hacker Looking for Usage of 10Web WordPress Plugin That Contains Type of Vulnerability That Hackers Target

In June 2021, the WordPress security provider Patchstack announced that they were partnering with WordPress plugin provider and web host 10Web. Patchstack claimed that they and 10Web were working together to “help strengthen the WordPress ecosystem.” It was a curious claim at the time, considering that 10Web was at that very time failing to fix a vulnerability they knew about in two of their plugins with 320,000+ installs. (One of those plugins has now been closed on the WordPress Plugin Directory since June 2022 because of a “Security Issue.”) The partnership hasn’t led to 10Web’s plugins getting more secure.

In July of last year, the plugin 10Web Booster was introduced to the WordPress Plugin Directory. If you believed 10Web’s marketing, you would believe that the plugin would have been properly secured: [Read more]

11 Nov 2022

Cross-Site Request Forgery (CSRF)/Plugin Deactivation Vulnerability in 10Web Booster

One way we help to improve the security of WordPress plugins, not just for customers of our service, but for everyone using them, is our proactive monitoring of changes made to plugins in the Plugin Directory to try to catch serious vulnerabilities. Through that, we caught a less serious variant of one of those vulnerabilities, a cross-site request forgery (CSRF)/plugin deactivation vulnerability in 10Web Booster.

We are now also running all the plugins used by our customers through that monitoring on a weekly basis to provide additional protection for them. [Read more]