10 Feb 2022

Our Proactive Monitoring Caught a CSRF/Option Update Vulnerability in a WordPress Plugin Used by Our Customers

One way we help to improve the security of WordPress plugins, not just for customers of our service but for everyone using them, is our proactive monitoring of changes made to plugins in the Plugin Directory to try to catch serious vulnerabilities. We have now expanded that for our customers by running the plugins they use through the same system on a weekly basis, even when the code in them has not been updated. Through that, we caught a less serious variant of one of those vulnerabilities, a cross-site request forgery (CSRF)/option update vulnerability, in Profile Builder, which, besides being used by at least one of our customers, is used on 60,000+ websites according to wordpress.org’s stats.

CSRF/Option Update

Among the add-ons for Profile Builder that ship with the plugin is Import and Export, which is described this way: [Read more]
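As an added illustration of the vulnerability class these posts cover (example code written for this page, not code from Profile Builder or any other plugin discussed here), the block below shows a settings-import AJAX handler in the shape that typically produces a CSRF/option update or authenticated option update vulnerability, beside a hardened version of the same feature. The plugin prefix `mypfx_`, the AJAX action name `mypfx_import_settings` and the three `mypfx_*` option names are assumptions.

```php
<?php
/*
 * Example for this page only (not code from any plugin discussed above).
 * Assumptions: hypothetical plugin prefix "mypfx_", AJAX action
 * "mypfx_import_settings", and the three mypfx_* option names below.
 */

/*
 * BEFORE: the pattern behind a CSRF/option update vulnerability.
 * The handler takes an array of option name => value pairs from the request
 * and writes every one of them with update_option(). Nothing stops the caller
 * from sending core options such as users_can_register or default_role.
 *  - no nonce check      -> a page on another site can submit this request on
 *                           behalf of a logged-in admin (CSRF)
 *  - no capability check -> any logged-in user can call it (the "authenticated"
 *                           option update variant); registered with
 *                           wp_ajax_nopriv_ it would need no login at all
 *  - no allowlist        -> arbitrary options set to arbitrary values
 */
function mypfx_import_settings_vulnerable() {
    if ( ! empty( $_POST['settings'] ) && is_array( $_POST['settings'] ) ) {
        foreach ( $_POST['settings'] as $name => $value ) {
            update_option( $name, $value ); // update_option() does no authorization of its own
        }
    }
    wp_die();
}
// Before the fix the plugin would register the handler like this:
// add_action( 'wp_ajax_mypfx_import_settings', 'mypfx_import_settings_vulnerable' );

/*
 * AFTER: the same feature with the three missing controls.
 */

// Only options this plugin owns, each paired with the sanitizer for its value.
function mypfx_importable_options() {
    return array(
        'mypfx_api_endpoint' => 'esc_url_raw',
        'mypfx_enabled'      => 'rest_sanitize_boolean',
        'mypfx_label'        => 'sanitize_text_field',
    );
}

function mypfx_import_settings_secure() {
    // 1. CSRF: the import form must carry a nonce created with
    //    wp_nonce_field( 'mypfx_import_settings', 'nonce' ). check_ajax_referer()
    //    terminates the request when the nonce is missing or invalid.
    check_ajax_referer( 'mypfx_import_settings', 'nonce' );

    // 2. Authorization: only users allowed to change settings.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'insufficient permissions', 403 );
    }

    $settings = ( isset( $_POST['settings'] ) && is_array( $_POST['settings'] ) )
        ? wp_unslash( $_POST['settings'] )
        : array();
    $allowed  = mypfx_importable_options();
    $clean    = array();
    $rejected = array();

    // 3. Allowlist: validate the whole batch before writing anything, so a
    //    request mixing good and bad names leaves no partial state behind.
    foreach ( $settings as $name => $value ) {
        $name = sanitize_key( $name );
        if ( ! array_key_exists( $name, $allowed ) ) {
            $rejected[] = $name;
            continue;
        }
        // 4. Sanitize the value with the sanitizer chosen for that option.
        $clean[ $name ] = call_user_func( $allowed[ $name ], $value );
    }

    if ( $rejected ) {
        wp_send_json_error( array( 'rejected' => $rejected ), 400 );
    }
    foreach ( $clean as $name => $value ) {
        update_option( $name, $value );
    }
    wp_send_json_success();
}
add_action( 'wp_ajax_mypfx_import_settings', 'mypfx_import_settings_secure' );
```

The allowlist is the control that decides how serious an option update bug is: without it, the attacker can set `users_can_register` to `1` and `default_role` to `administrator` and then simply register an administrator account. The nonce check is what separates the CSRF variant from the purely authenticated one; without it, the attacker does not need an account of their own, only a logged-in administrator visiting a page they control.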

7 Jan 2022

Our Plugin Security Checker Identified an Authenticated Option Update Vulnerability in a WordPress Plugin with 20,000+ Installs

One of the tools we have developed to help keep websites secure from vulnerabilities in WordPress plugins is our Plugin Security Checker, which flags code that may contain certain types of vulnerabilities. One way we work to improve the quality of its results is occasionally checking the results for plugins people run through it. Through that we confirmed that the plugin Material Design for Contact Form 7, which has 20,000+ installs, contains a fairly serious type of vulnerability, an authenticated option update vulnerability, though the specifics limit the ability for it to be abused in a non-targeted attack.

The tool identified the following code as possibly vulnerable: [Read more]

8 Dec 2021

Our Proactive Monitoring Caught an Authenticated Option Update Vulnerability in WP Leads Builder For Any CRM

One way we help to improve the security of WordPress plugins, not just for customers of our service but for everyone using them, is our proactive monitoring of changes made to plugins in the Plugin Directory to try to catch serious vulnerabilities. Through that, we caught one of those vulnerabilities, an authenticated option update vulnerability, in the plugin WP Leads Builder For Any CRM.

Through the same monitoring, we identified the same type of vulnerability in another of the developer’s plugins three weeks ago. Over five years ago we put out an advisory on the developer due to their continued poor handling of security. [Read more]

22 Jun 2021

Our Proactive Monitoring Caught an Authenticated Option Update Vulnerability in WordPress Plugin INDIGITALL

One way we help to improve the security of WordPress plugins, not just for customers of our service but for everyone using them, is our proactive monitoring of changes made to plugins in the Plugin Directory to try to catch serious vulnerabilities. Through that we caught an authenticated option update vulnerability in the plugin INDIGITALL, which can also be exploited through cross-site request forgery (CSRF).

The possibility of this vulnerability is also flagged by our Plugin Security Checker, so you can check plugins you use to see if they might have similar issues with that tool. [Read more]

28 May 2021

Our Proactive Monitoring Caught an Authenticated Option Update Vulnerability in Content Mask

One way we help to improve the security of WordPress plugins, not just for customers of our service but for everyone using them, is our proactive monitoring of changes made to plugins in the Plugin Directory to try to catch serious vulnerabilities. Through that we caught an authenticated option update vulnerability in the plugin Content Mask, which can also be exploited through cross-site request forgery (CSRF).

The possibility of this vulnerability is also flagged by our Plugin Security Checker, so you can check plugins you use to see if they might have similar issues with that tool. [Read more]

9 Mar 2020

Our Proactive Monitoring Caught an Authenticated Option Update Vulnerability Being Introduced into SP Project & Document Manager

One of the ways we help to improve the security of WordPress plugins, not just for customers of our service but for everyone using them, is our proactive monitoring of changes made to plugins in the Plugin Directory to try to catch serious vulnerabilities. Through that we caught an authenticated option update vulnerability being introduced into the plugin SP Project & Document Manager, which can also be exploited through cross-site request forgery (CSRF).

The possibility of this vulnerability is also flagged by our Plugin Security Checker, so you can check plugins you use to see if they might have similar issues with that tool. The tool flags other possible security issues in the plugin, so we wouldn’t recommend using the plugin unless the security has more broadly been reviewed and corrected. [Read more]

26 Aug 2019

Our Proactive Monitoring Caught an Authenticated Option Update Vulnerability in HandL UTM Grabber

One of the ways we help to improve the security of WordPress plugins, not just for customers of our service but for everyone using them, is our proactive monitoring of changes made to plugins in the Plugin Directory to try to catch serious vulnerabilities. Through that we caught an authenticated option update vulnerability in the plugin HandL UTM Grabber, which can also be exploited through cross-site request forgery (CSRF).

The possibility of this vulnerability is also flagged by our Plugin Security Checker, so you can check plugins you use to see if they might have similar issues with that tool. [Read more]

25 Jul 2019

Vulnerability Details: Option Update in ND Shortcodes (ND Shortcodes For Visual Composer)

The plugin ND Shortcodes (ND Shortcodes For Visual Composer) was closed on the Plugin Directory yesterday. Today a new version was submitted with the changelog “Improved nd_options_import_settings_php_function function for security reasons”. Looking at the code, we found the plugin previously contained a vulnerability that allowed updating arbitrary WordPress options to arbitrary values, though it looks like it would only be exploitable in limited circumstances.

[Read more]

11 Jul 2019

Vulnerability Details: Cross-Site Request Forgery (CSRF)/Option Update in One Click SSL

One of the changelog entries for the latest version of One Click SSL is “IMPROVE: Security fixes and improvements enhancement”. When we went to look for any reports of vulnerabilities fixed in that version, we found the WPScan Vulnerability Database claiming this:

[Read more]