Login

Tag Archives: Custom Permalinks

11 Nov 2022

100,000+ Install WordPress Plugin Custom Permalinks Has Been Phoning Home to Developer for Over Two Years

The 100,000+ active install WordPress plugin Custom Permalinks has been phoning home to the developer with information about the websites it is installed on for over two years, despite it being in violation of the rules for the WordPress Plugin Directory to do that without consent.

Two days ago Jaime Martinez posted about that on the support forum for the plugin after finding that it was going on, while debugging an issue with a client’s website. So far the developer hasn’t responded to that and the plugin remains in the plugin directory. [Read more]

5 Apr 2018

Real World Result of RIPS Code Analysis Service Doesn’t Match Hyperbolic Marketing of It

Recently there was claim made that an authenticated SQL injection vulnerability had been fixed in the plugin Custom Permalinks. In looking into that though we found that it was only accessible to Administrators, who would already normally have the capability to do the equivalent of SQL injection, so that wouldn’t really be a vulnerability. What seems notable about this is that the claim of the vulnerability came from the maker of an automated security tool that is marketed out of line with the actual result shown by that vulnerability claim.

The tool is marketed with claims like this: [Read more]

2 Mar 2018

What Happened With WordPress Plugin Vulnerabilities in February 2018

If you want the best information and therefore best protection against vulnerabilities in WordPress plugins we provide you that through our service.

Here is what we did to keep those are already using our service secure from WordPress plugin vulnerabilities during February (and what you have been missing out on if you haven’t signed up yet): [Read more]