Login

Tag Archives: Google Doc Embedder

29 Mar 2019

Not Really a WordPress Plugin Vulnerability, Week of March 29

In reviewing reports of vulnerabilities in WordPress plugins to provide our customers with the best data on vulnerabilities in plugins they use we often find that there are reports for things that don’t appear to be vulnerabilities. For more problematic reports we release posts detailing why the vulnerability reports are false, but there have been a lot of that we haven’t felt rose to that level. In particular are items that are not outright false, just the issue is probably more accurately described as a bug. For those that don’t rise to level of getting their own post we now place them in a weekly post when we come across them.

Open Redirect in Google Doc Embedder

A common source of claimed vulnerabilities in these posts for the past few months has been someone with the handle “KingSkrupellos” that the website Packet Storm keeps posting inaccurate reports from. With their claim of an open redirect vulnerability in Google Doc Embedder, the report doesn’t make a whole lot of sense. For example, these are the versions they list as being vulnerable: [Read more]

6 Oct 2017

Not Really a WordPress Plugin Vulnerability – Week of October 6, 2017

In reviewing reports of vulnerabilities in WordPress plugins we often find that there are reports for things that don’t appear to be vulnerabilities. For more problematic reports we have been releasing posts detailing why the vulnerability reports are false, but there have been a lot of that we haven’t felt rose to that level. In particular are items that are not outright false, just the issue is probably more accurately described as a bug. We have been thinking that providing information on why those are not included in our service’s data could be useful, so we are trying out putting a weekly post when that occurs detailing those issues.

Reflected Cross-Site Scripting (XSS) Vulnerability in Google Doc Embedder

Earlier today we mentioned that there are a number of issues with the Plugin Directory’s reviewing plugins before they return to the directory, which is one of many issues that seems like it could be improved if the people behind that were more open about what they are doing and able incorporate outside suggestions for improvement. Another area that seems like it might be improvable based on what is describe below, is deciding when to remove plugins. [Read more]