2 Jan 2024

Machine Learning Helps Catch Authenticated Server-Side Request Forgery (SSRF) Vulnerability Being Introduced into Spectra

The changes made to version 2.11.0 of the WordPress plugin Spectra got flagged by our machine learning (artificial intelligence (AI)) based system for catching vulnerabilities being introduced in updates to WordPress plugins. Checking the changes made, we immediately found that new, insecure code was introduced into the new version. We further confirmed that at least one vulnerability was introduced and there may be more.

As an obvious example of insecurity, this AJAX accessible function was added that doesn’t include a needed capabilities check: [Read more]

31 Oct 2018

Full Disclosure of CSRF/SSRF Vulnerability in WordPress Plugin With 800,000+ Installs

One of the impediments we see to improving the security of WordPress plugins (as well as security in general) is that security journalists don't provide a good picture of what is and isn't going on, so others don't understand what actually needs to be done to improve the situation. One recent example comes from Catalin Cimpanu at ZDNet's Zero Day blog, who put forward this one-sided (at best) portrayal of the handling of the security of WordPress plugins by the people on the WordPress side of things:

Campbell says the WordPress team has been collaborating with the authors of the most popular plugins on its Plugins repository. It’s been helping these plugins follow best coding practices. [Read more]