31 May 2024

Hacker Targeting Incompletely Fixed Vulnerability in WordPress Plugin YITH WooCommerce Ajax Search

A hacker has started targeting a vulnerability in the WordPress plugin YITH WooCommerce Ajax Search that has been incompletely fixed. The vulnerability allows an attacker to cause malicious JavaScript code to run on an admin page of the website. While a recent update protects those using the updated version from exploitation, it doesn’t fully address the problem, so any websites updated after the vulnerability was exploited are still vulnerable. While not all older versions of the plugin are vulnerable, it looks like a significant portion of the 70,000+ websites using the plugin could still be using a vulnerable version, based on the data provided by WordPress about its usage and download count.

Yesterday, our Plugin Vulnerabilities Firewall blocked multiple attempts to exploit the vulnerability on our website. The exploit attempts came from an IP address, 93.174.93.127, registered to IP Volume inc: [Read more]

25 Jul 2023

Unfixed Persistent Cross-Site Scripting (XSS) Vulnerability in WordPress Plugin Targeted by Hacker

Today, we had someone probing for usage of the WordPress plugin MultiParcels Shipping For WooCommerce through a request for the plugin’s readme.txt file on one of our websites.

On July 17, a vague claim was released that an authenticated SQL injection vulnerability had recently been fixed in the plugin, which might explain a hacker’s interest in it. There is also a claim that a minor vulnerability that has not yet been fixed exists in the plugin. [Read more]

31 Jan 2023

Hacker Might Be Exploiting Unfixed Plugin Vulnerability That WPScan, Patchstack, and Wordfence All Claimed Was Fixed

In a now deleted review of the WordPress plugin Beautiful Cookie Consent Banner, someone made the claim that the plugin is insecure and leads to malware:

The plugin is full of malware. Check your source code and run a security check. If you have malware, it’s this plugin!!! [Read more]

19 Oct 2022

Persistent Cross-Site Scripting (XSS) Vulnerability in Advanced Contact Form 7 DB (Advanced CF7 DB)

In a separate post we discuss in more detail vague claims that there has been a persistent cross-site scripting (XSS) vulnerability in the plugin Advanced Contact Form 7 DB (Advanced CF7 DB). Patchstack claimed that a vulnerability of that type was fixed in version 1.8.8, but the details provided only state:


[Read more]

28 Jan 2022

Our Proactive Monitoring Caught a Persistent XSS Vulnerability in the WordPress Plugin Stylish Price List

One way we help to improve the security of WordPress plugins, not just for customers of our service but for everyone using them, is our proactive monitoring of changes made to plugins in the Plugin Directory to try to catch serious vulnerabilities. Through that, we caught one of those vulnerabilities, a persistent cross-site scripting (XSS) vulnerability in the plugin Stylish Price List.

We are now also running all the plugins used by customers through that monitoring on a weekly basis to provide additional protection for our customers. [Read more]