3 Apr 2023

Settings Change Vulnerability in XML Sitemaps

The latest version of the WordPress plugin XML Sitemaps was flagged by a machine learning based system we use to try to detect whether changes made to plugins used by our customers have introduced vulnerabilities. It wasn’t hard to find a vulnerability being introduced in the new version of the plugin. The new version introduces a “beta testing program”, and the code that is supposed to register consent for that lacks any security checks, so anyone can access it.

That code is in the function register_consent, which is located in the file /sitemap.php: [Read more]
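The pattern described above, a WordPress handler that changes a setting without checking who is calling it, is shown here as an added illustration. This is not the XML Sitemaps plugin’s code: the hook names, option name and capability are assumptions chosen for the example, and the vulnerable and hardened callbacks are placed side by side so the missing checks are visible.

```php
<?php
// Hypothetical plugin code, not taken from XML Sitemaps. Hook names, the
// option name and the capability are assumptions made for illustration.

// Vulnerable form. If it were hooked like this:
//   add_action( 'wp_ajax_example_register_consent', 'example_register_consent_vulnerable' );
//   add_action( 'wp_ajax_nopriv_example_register_consent', 'example_register_consent_vulnerable' );
// then any visitor, logged in or not, could POST to
// admin-ajax.php?action=example_register_consent and flip the setting,
// because the callback verifies neither a capability nor a nonce.
function example_register_consent_vulnerable() {
    update_option( 'example_beta_consent', isset( $_POST['consent'] ) ? 1 : 0 );
    wp_send_json_success();
}

// Hardened form: only logged-in users reach the handler (no nopriv hook),
// the caller must hold a capability appropriate for changing plugin
// settings, and the request must carry a nonce bound to this action so a
// third-party page cannot trigger it through the admin's browser (CSRF).
add_action( 'wp_ajax_example_register_consent', 'example_register_consent_hardened' );

function example_register_consent_hardened() {
    // Terminates the request with a 403 when the nonce is missing or invalid.
    check_ajax_referer( 'example_register_consent', 'nonce' );

    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'insufficient privileges', 403 );
    }

    $consent = ! empty( $_POST['consent'] ) ? 1 : 0;
    update_option( 'example_beta_consent', $consent );
    wp_send_json_success( array( 'consent' => $consent ) );
}

// The nonce is issued server-side when the settings page is rendered, for
// example by passing it to the admin script that sends the AJAX request:
add_action( 'admin_enqueue_scripts', function () {
    wp_enqueue_script( 'example-admin', plugins_url( 'admin.js', __FILE__ ), array( 'jquery' ), '1.0', true );
    wp_localize_script( 'example-admin', 'exampleAjax', array(
        'nonce' => wp_create_nonce( 'example_register_consent' ),
    ) );
} );
```

When reviewing a settings change like the one flagged here, the two questions to ask of every callback are whether it is reachable by unauthenticated users (a `wp_ajax_nopriv_` hook, a REST route with `permission_callback` returning true, or a front-end request handler) and whether it checks both a capability and a nonce before writing; the example above fails both questions in its vulnerable form and passes both in its hardened form.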

24 Feb 2023

Privilege Escalation Vulnerability in Enable Media Replace

The changelog for the latest version of the WordPress plugin Enable Media Replace makes no mention of fixing a security vulnerability, but a very minor one was fixed. The changes made in that version were flagged by our machine learning system, which tries to catch security fixes being made without being disclosed.


[Read more]

10 Feb 2023

AI Can Help to Catch Vulnerabilities in WordPress Plugins, but It Doesn’t Change Developers’ Bad Handling of Them

A week ago, the developers of the 200,000+ install WordPress plugin Fluent Forms tried to address a security issue in the plugin, but failed, leaving a vulnerability in the plugin. You wouldn’t know about that from the various WordPress plugin vulnerability data providers that claim to have the most comprehensive data (Wordfence) or to be the first to warn about vulnerabilities (WPScan and Patchstack), since they haven’t warned their customers about this yet. You wouldn’t know about that from the changelog for the plugin either, since the developer didn’t disclose it. Even if they had fixed the issue, there would still be a problem: they didn’t bump the version number when they made the change, so those already on the latest version wouldn’t have received the update.

As at least one of our customers is using the plugin, a machine learning (artificial intelligence (AI)) based system we created reviewed the relevant change and flagged it as possibly fixing a vulnerability. We manually reviewed the change and saw that the developer had applied the wrong security change (more on that coming in a separate more technical post about the issue more generally). Saturday, we confirmed that this was an exploitable vulnerability (and not just a security issue), notified the developer of the issue and offered to help them fix it, and warned our customers that the plugin is vulnerable. [Read more]

4 Feb 2023

Authenticated Persistent Cross-Site Scripting (XSS) Vulnerability in Fluent Forms

After version 4.3.24 of the WordPress plugin Fluent Forms was released, the developer made an additional change to that version with no description of the change. That change was flagged by our machine learning system, which tries to catch security fixes being made without being disclosed.


[Read more]

16 Jun 2022

Essential Addons for Elementor Again Appears to Have Unintentionally Fixed an Authenticated Persistent XSS Vulnerability

We have recently been testing to see if we can improve our ability to detect vulnerabilities being introduced and fixed in WordPress plugins using machine learning. One of our interests in doing that is so that we can better deal with situations where developers don’t disclose that they are fixing, or attempting to fix, vulnerabilities in their plugins. That appears to have happened again with one of the most popular WordPress plugins, Essential Addons for Elementor, which has 1+ million active installs according to WordPress.

Like the previous instance three weeks ago, the developer fixed an authenticated persistent cross-site scripting (XSS) vulnerability without disclosing it and possibly without knowing they were fixing it. Like last time, they also didn’t fully address the underlying insecurity. This time, it involves the Event Calendar element. The changelog for the version this was fixed in contains several entries for that element: [Read more]
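The class of bug described in this and the previous Essential Addons post, a persistent XSS where element settings saved by an authenticated user are later rendered unescaped to every visitor, and a fix that escapes one output but leaves another, is illustrated below. This is an added example and not Essential Addons’ code: the widget, its settings keys and the render functions are assumptions made for illustration, and the partial fix is there only to show what an incomplete, undisclosed fix can look like.

```php
<?php
// Hypothetical page-builder widget rendering, not taken from Essential Addons.
// The settings keys (title, link, link_text) are assumptions. Settings are
// entered by any user who may edit with the page builder, stored with the
// post, and rendered to every visitor, so unescaped output is a persistent
// XSS reachable by an authenticated low-privilege user.

// Constructed sample settings: a value an attacker could store in a field.
$example_settings = array(
    'title'     => '"><img src=x onerror=alert(document.domain)>',
    'link'      => 'javascript:alert(1)',
    'link_text' => '<script>alert(2)</script>',
);

// Vulnerable render: every value is echoed as-is.
function example_calendar_render_vulnerable( array $settings ) {
    $html  = '<div class="example-calendar" data-title="' . $settings['title'] . '">';
    $html .= '<h3>' . $settings['title'] . '</h3>';
    $html .= '<a href="' . $settings['link'] . '">' . $settings['link_text'] . '</a>';
    $html .= '</div>';
    return $html;
}

// Partial fix: the heading is escaped, but the same value is still written
// raw into the data-title attribute, and the link is untouched. This is the
// shape of the incomplete fixes the posts above describe: one instance is
// addressed while the underlying insecurity remains.
function example_calendar_render_partial( array $settings ) {
    $html  = '<div class="example-calendar" data-title="' . $settings['title'] . '">';
    $html .= '<h3>' . esc_html( $settings['title'] ) . '</h3>';
    $html .= '<a href="' . $settings['link'] . '">' . $settings['link_text'] . '</a>';
    $html .= '</div>';
    return $html;
}

// Hardened render: each value is escaped at the point of output with the
// function matching the HTML context it lands in. esc_url() also drops
// dangerous schemes such as javascript:, which esc_attr() would not.
function example_calendar_render_hardened( array $settings ) {
    $html  = '<div class="example-calendar" data-title="' . esc_attr( $settings['title'] ) . '">';
    $html .= '<h3>' . esc_html( $settings['title'] ) . '</h3>';
    $html .= '<a href="' . esc_url( $settings['link'] ) . '">' . esc_html( $settings['link_text'] ) . '</a>';
    $html .= '</div>';
    return $html;
}

// Inside WordPress the output would be echoed from the widget's render
// method; here the three variants are returned so they can be compared.
```

When checking whether a fix of this kind is complete, search the element’s render code for every place the same setting is written out, not just the one the changelog or diff points at; a value escaped for one context is still exploitable from any other context where it is still emitted raw.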

26 May 2022

1+ Million Install WordPress Plugin Essential Addons for Elementor Unintentionally Fixed Two Instances of Vulnerability, Another Instance Remained

We have recently been testing to see if we can improve our ability to detect vulnerabilities being introduced and fixed in WordPress plugins using machine learning. One of our interests in doing that is so that we can better deal with situations where developers don’t disclose that they are fixing, or attempting to fix, vulnerabilities in their plugins. That appears to have happened with the version of one of the most popular WordPress plugins, Essential Addons for Elementor, released yesterday. The plugin has 1+ million active installs according to WordPress.

One of the machine learning models we are testing flagged the changes made to the PHP code in that version as having fixed a vulnerability. There is a changelog entry that indicates that a security change was being made to the plugin: [Read more]