13 Sep 2019

Vulnerability Details: Multiple in Memphis Documents Library

One of the changelog entries for the latest version of Memphis Documents Library is “Update – Security fixes.” Looking at the changes made in that version, we found that a nonce check was added before the plugin handles the uploading of files. The types of files that can be uploaded are restricted, so there was previously a cross-site request forgery (CSRF)/restricted file upload vulnerability in the plugin. In determining what versions were impacted, we found that in earlier versions the types of files that could be uploaded weren’t restricted, so there was previously a cross-site request forgery (CSRF)/arbitrary file upload vulnerability as well.
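To make the two layers of that fix concrete, here is an added illustration of a WordPress upload handler before and after hardening. This is not code from Memphis Documents Library and does not reproduce the plugin's changes; the function names, the `example_upload` nonce action, the `example_nonce` field, the `document` file field and the allow-list are all invented for the example. The WordPress API calls (`wp_verify_nonce`, `current_user_can`, `wp_check_filetype_and_ext`, `wp_handle_upload`) are real.

```php
<?php
// Added illustration, NOT code from Memphis Documents Library: a hypothetical
// WordPress upload handler showing the class of bug described above and the
// corresponding fixes. Function, action and field names are invented.

// BEFORE: anyone who can get a logged-in user to submit this form (CSRF) gets a
// file written, and with no type check that file can be a PHP script.
function example_upload_vulnerable() {
    if ( empty( $_FILES['document'] ) ) {
        return;
    }
    $upload_dir = wp_upload_dir();
    $target     = trailingslashit( $upload_dir['basedir'] ) . basename( $_FILES['document']['name'] );
    // No nonce, no capability check, no type restriction.
    move_uploaded_file( $_FILES['document']['tmp_name'], $target );
}

// AFTER: the request must carry a nonce tied to this action (defeats CSRF), the
// user must hold an upload capability (authorization), and the file must match
// an allow-list of extensions/MIME types (no arbitrary upload).
function example_upload_hardened() {
    if ( empty( $_FILES['document'] ) ) {
        return;
    }

    // 1. CSRF: the form emits this field with wp_nonce_field( 'example_upload', 'example_nonce' ).
    $nonce = isset( $_POST['example_nonce'] ) ? sanitize_text_field( wp_unslash( $_POST['example_nonce'] ) ) : '';
    if ( ! wp_verify_nonce( $nonce, 'example_upload' ) ) {
        wp_die( 'Invalid request token.', 403 );
    }

    // 2. Authorization: a nonce proves the request came from our form, not that
    //    the user is allowed to upload. Check both.
    if ( ! current_user_can( 'upload_files' ) ) {
        wp_die( 'Insufficient permissions.', 403 );
    }

    // 3. Type restriction: allow-list of document types; anything else is rejected
    //    (hypothetical list for the example).
    $allowed_mimes = array(
        'pdf'  => 'application/pdf',
        'docx' => 'application/vnd.openxmlformats-officedocument.wordprocessingml.document',
        'txt'  => 'text/plain',
    );
    $check = wp_check_filetype_and_ext(
        $_FILES['document']['tmp_name'],
        $_FILES['document']['name'],
        $allowed_mimes
    );
    if ( empty( $check['ext'] ) || empty( $check['type'] ) ) {
        wp_die( 'File type not allowed.', 400 );
    }

    // wp_handle_upload() re-applies the MIME allow-list and sanitizes the file name.
    $result = wp_handle_upload(
        $_FILES['document'],
        array( 'test_form' => false, 'mimes' => $allowed_mimes )
    );
    if ( isset( $result['error'] ) ) {
        wp_die( esc_html( $result['error'] ), 400 );
    }
    return $result['file'];
}
add_action( 'admin_post_example_upload', 'example_upload_hardened' );
```

The three checks map onto the version history described above: without step 3 a CSRF attack yields an arbitrary file upload, with step 3 but without step 1 it yields a restricted file upload, and step 1 closes the CSRF vector in both cases. Step 2 is the check a practitioner should confirm is also present, since a nonce on its own does not establish that the submitting user is authorized to upload.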



6 Jun 2017

Vulnerability Details: Reflected Cross-Site Scripting (XSS) Vulnerability in Memphis Documents Library

From time to time vulnerabilities are fixed in a plugin without anyone putting out a report on the vulnerability, and in those cases we put out a post detailing it. While publishing the details of the vulnerability increases the chances of it being exploited, it also helps to identify vulnerabilities that haven’t been fully fixed (in some cases not fixed at all) and to identify additional vulnerabilities in the plugin.

