19 Mar 2019

Full Disclosure of Cross-Site Request Forgery (CSRF)/Option Update Vulnerability in Estatik

As the discovery and exploitation by hackers of an authenticated option update vulnerability in the Freemius library, which is used by many WordPress plugins, shows, there has not been enough focus on making sure that code that can lead to option update vulnerabilities is properly secured. Through our proactive monitoring of changes made to plugins in the Plugin Directory to try to catch serious vulnerabilities, we have been on the lookout for some of those since November and we keep finding them, though, as with the one we found in the plugin Estatik, sometimes things are coded in a way that limits the worst possible result (that doesn’t always appear to have been intentional). In the case of this plugin, poor security isn’t a new issue, as we spotted the possibility that another vulnerability due to poor security was being exploited back in June of 2016.

The plugin registers the function remove() in the class Es_Data_Manager_Item to be accessible through WordPress’ AJAX functionality to anyone logged in: [Read more]

12 Aug 2016

You Are Not Always Going to Get The Best Information on WordPress Plugin Vulnerabilities From Twitter

We are always looking for ways to improve the vulnerability data on WordPress plugins we provide to our customers. One of the things we have been doing recently is reviewing some old third-party data on hacking attempts to help identify vulnerabilities that have probably been known and exploited by hackers for some time, but have continued to exist in the plugins because nobody on the good side of things was looking for them (which is contrary to the marketing claims you might hear from a certain WordPress security company).

Through that we found an arbitrary file upload vulnerability in the Estatik plugin. Among common types of vulnerabilities, arbitrary file upload vulnerabilities are probably the most likely to be exploited, so having one exist in a plugin for more than a year after it looks like a hacker had been targeting it doesn’t point to the security of WordPress plugins being great at this time. [Read more]

1 Aug 2016

Arbitrary File Upload Vulnerability in Estatik

As we continue to review old third-party data on hacking attempts to identify more vulnerabilities that hackers have likely already discovered in WordPress plugins, we spotted an arbitrary file upload vulnerability in the plugin Estatik.

Back in June of last year a request was made for the file /wp-content/plugins/estatik/front_templates/css/es_front_responsive.css, which was likely a probe for usage of the plugin before exploiting it. Looking over the plugin for any obvious issues, we found that in the current version of it, 2.2.5, a file upload capability is accessible without being logged in, despite only being intended to be accessed by users logged in as Administrators. [Read more]