6 Dec 2022

Authenticated PHP Object Injection Vulnerability in Aarambha Kits for Elementor

One way we help to improve the security of WordPress plugins, not just for customers of our service, but for everyone using them, is our proactive monitoring of changes made to plugins in the Plugin Directory to try to catch serious vulnerabilities. Through that, we caught a variant of one of those vulnerabilities, an authenticated PHP object injection vulnerability in a brand new plugin, Aarambha Kits for Elementor.

We now are also running all the plugins used by our customers through the same system used for the proactive monitoring on a weekly basis to provide additional protection for them. [Read more]

9 Aug 2022

WooCommerce Extending Plugin With 100,000+ Installs Contains Authenticated Option Update Vulnerability Possibly Targeted by Hacker

Early today a topic was posted on the support forum for the WordPress plugin WOOF, which extends WooCommerce and has 100,000+ active installations, suggesting that a security issue in it might be being exploited. The poster wrote this:

Can you elaborate on what you did here for the fix? We noticed a lot of clients had products from like other sites that were not related. Curious to know what happened if anything on your end. [Read more]

9 Mar 2022

Our Proactive Monitoring Caught an Authenticated PHP Object Injection Vulnerability Being Introduced into a WordPress Plugin

One way we help to improve the security of WordPress plugins, not just for customers of our service, but for everyone using them, is our proactive monitoring of changes made to plugins in the Plugin Directory to try to catch serious vulnerabilities. Through that, we caught a variant of one of those vulnerabilities, an authenticated PHP object injection vulnerability, being introduced into the plugin Contact.

We now are also running all the plugins used by our customers through the same system on a weekly basis to provide additional protection for them. [Read more]

19 Jan 2022

Vulnerability Details: Authenticated PHP Object Injection in Build & Control Block Patterns

Our proactive monitoring to catch serious vulnerabilities in WordPress plugins recently flagged the following code from the plugin Build & Control Block Patterns due to the possibility of it allowing PHP object injection:

[Read more]

23 Nov 2021

Our Proactive Monitoring Caught an Authenticated PHP Object Injection Vulnerability Being Introduced into WP Category Sort

One way we help to improve the security of WordPress plugins, not just for customers of our service, but for everyone using them, is our proactive monitoring of changes made to plugins in the Plugin Directory to try to catch serious vulnerabilities. Through that, we caught a variant of one of those vulnerabilities, an authenticated PHP object injection vulnerability, being introduced into the plugin WP Category Sort.

The possibility of this vulnerability is also flagged by our Plugin Security Checker, so you can check plugins you use to see if they might have similar issues with that tool. [Read more]

14 Aug 2019

Authenticated PHP Object Injection Vulnerability in Backup and Staging by WP Time Capsule

With WordPress plugins that carry an obviously heightened security risk, we have often found that their security is poor, maybe even poorer than that of the average plugin. The authenticated PHP object injection vulnerability we ran across in the plugin Backup and Staging by WP Time Capsule is a good example of that insecurity.

On Friday a security change related to PHP object injection was made to one of the most popular WordPress plugins, Formidable Forms, which has 200,000+ installs. The relevant code seemed to be something that should have been flagged by our Plugin Security Checker and proactive monitoring, but we found that it wasn’t, due to the use of an alternate function in place of the one usually found in vulnerable code. Its usage is so uncommon that, according to a search of all the plugins in the WordPress Plugin Directory using WPdirectory, it was one of only three plugins with the same basic setup. One of the other plugins was Backup and Staging by WP Time Capsule. At first glance the code in that plugin looked like it would be of limited security concern, but further checking showed that multiple security failures allow anyone logged in to WordPress who can access the admin area to exploit it. [Read more]

12 Mar 2019

Brand New WordPress Plugin by “Automattic” Includes Authenticated PHP Object Injection Vulnerability

As we have mentioned repeatedly in the past, while brand new WordPress plugins are supposed to go through a security review before being allowed in the Plugin Directory, that either isn’t happening or it isn’t very good, as we keep finding brand new plugins that contain vulnerabilities whose possibility is flagged by our Plugin Security Checker, an automated tool for checking for the possibility of some security issues in WordPress plugins. We have offered the team running the Plugin Directory free access to the more advanced mode of that tool to assist them in avoiding that happening (or to help in creating similar functionality in their own workflow), but we have had no interest from them. They unfortunately seem more interested in covering up the problems they are having (and in some cases causing) instead of working with others like us to get them fixed.

Our proactive monitoring of changes made to plugins in the Plugin Directory to try to catch serious vulnerabilities includes many of the same checks as the Plugin Security Checker, so in the case of the plugin Newsletter Subscription Plugin for easyping.me they both flag the possibility of a PHP object injection vulnerability, which is the type of vulnerability that hackers have been known to exploit. [Read more]

28 Nov 2018

It Would Be a Good Idea for WordPress Plugin Developers to Check Their Plugins with Our Plugin Security Checker

Yesterday we noted that the developer of the WordPress security plugin Security Ninja isn’t doing a great job with the security of their plugins. In the latest example, they could have spotted an issue before we publicly disclose it by simply checking the plugin with our Plugin Security Checker, which identifies possible security issues in WordPress plugins. While looking into the details of another instance of them fixing a vulnerability we had identified in one of their plugins while working on an improvement to the Plugin Security Checker, this time in the plugin Nifty Coming Soon & Maintenance page, we ran the plugin through our tool and saw that it got flagged for possibly including a vulnerable version of the plugin Option Tree:

[Read more]

14 Nov 2018

Full Disclosure of CSRF/PHP Object Injection Vulnerability in WordPress Theme with 70,000+ Installs

With our service we cover WordPress plugins (as you might guess from our name), but not WordPress themes. There are a number of reasons for that, including the dearth of vulnerabilities being disclosed in themes, which seems to be related to the limited amount of potentially vulnerable code in them, despite it being possible for them to contain all the same types of issues as plugins. We got a reminder of that when we ran some of the most popular themes available in the WordPress Theme Directory through the checks we do of changes being made to plugins as part of our proactive monitoring to try to catch serious vulnerabilities before they are exploited, along with a few other checks. The proactive monitoring checks didn’t pull up anything, but one of the other checks brought up the fact that the theme Hueman, which has 70,000+ active installs according to wordpress.org, contains the plugin OptionTree.

Last week we disclosed that OptionTree contains an authenticated PHP object injection vulnerability after noticing its usage in another plugin. With the theme Hueman the situation is somewhat worse, since it isn’t even using the latest version of OptionTree, which means that it is also still vulnerable to a vulnerability that was discovered by Kacper Szurek and was fixed over two years ago. [Read more]