7 Jun 2024

Our Proactive Monitoring Caught an Authenticated Arbitrary File Upload Vulnerability in Appointment Booking and Online Scheduling

One way we help to improve the security of WordPress plugins, not just for customers of our service, but for everyone using them, is our proactive monitoring of changes made to plugins in the Plugin Directory to try to catch serious vulnerabilities. Through that, we caught a variant of one of those vulnerabilities, an authenticated arbitrary file upload vulnerability in the plugin Appointment Booking and Online Scheduling.

We now are also running all the plugins used by our customers through that on a weekly basis to provide additional protection for them. [Read more]

16 Jan 2024

Did ChatGPT Write This Severely Vulnerable Code Added to the Sage AI Content Writer WordPress Plugin?

A lot has been made about the possible security risk with code created by ChatGPT whether in WordPress plugins or otherwise. A more pedestrian risk is that WordPress plugins that interact with that are themselves insecure, whether written by ChatGPT or not. On Friday, we found one of those had just added extremely vulnerable code that hackers would exploit. Another plugin added slightly less vulnerable code over the weekend.

One way we help to improve the security of WordPress plugins, not just for customers of our service, but for everyone using them, is our proactive monitoring of changes made to plugins in the Plugin Directory to try to catch serious vulnerabilities. Through that, we caught such a vulnerability being added to Sage AI Content Writer. The vulnerability is an authenticated arbitrary file upload vulnerability, which, as the name suggests, allows someone logged in to WordPress to upload arbitrary files to the website. An attacker could upload a .php file with malicious code and take over the website. [Read more]

12 Jan 2024

Did ChatGPT Write This Extremely Vulnerable Code Added to the Chatbot ChatGPT for WordPress Plugin?

A lot has been made about the possible security risk with code created by ChatGPT whether in WordPress plugins or otherwise. A more pedestrian risk is that WordPress plugins that interact with that are themselves insecure, whether written by ChatGPT or not. Yet again, we have found one of those adding vulnerable code that hackers would exploit.

One way we help to improve the security of WordPress plugins, not just for customers of our service, but for everyone using them, is our proactive monitoring of changes made to plugins in the Plugin Directory to try to catch serious vulnerabilities. Through that, we caught such a vulnerability being added to Chatbot ChatGPT. The vulnerability is an arbitrary file upload vulnerability, which, as the name suggests, allows an attacker to upload arbitrary files to the website. An attacker could upload a .php file with malicious code and take over the website. [Read more]

22 Dec 2023

Our Proactive Monitoring Caught an Authenticated Option Update Vulnerability Being Introduced into a WordPress Plugin

One way we help to improve the security of WordPress plugins, not just for customers of our service, but for everyone using them, is our proactive monitoring of changes made to plugins in the Plugin Directory to try to catch serious vulnerabilities. Through that, we caught a variant of one of those vulnerabilities, an authenticated option update vulnerability, being introduced into the plugin Cozy Blocks today. The vulnerability is in part caused by wider insecurity in the plugin, and there are additional vulnerabilities in the plugin, so we would recommend avoiding the plugin unless its security is overhauled.

We now are also running all the code in the plugins used by our customers through that monitoring system on a weekly basis to provide additional protection for them. [Read more]

7 Sep 2023

Our Proactive Monitoring Caught an Authenticated Option Update Vulnerability Being Introduced into WPGetAPI

One way we help to improve the security of WordPress plugins, not just for customers of our service, but for everyone using them, is our proactive monitoring of changes made to plugins in the Plugin Directory to try to catch serious vulnerabilities. Through that, we caught a variant of one of those vulnerabilities, an authenticated option update vulnerability, being introduced into the plugin WPGetAPI. The vulnerability allows anyone logged in to WordPress to break the website.

The vulnerable code comes from a new import feature of the plugin. The related new export feature looks to be similarly insecure as well. [Read more]

6 Sep 2023

Our Proactive Monitoring Caught an Authenticated Option Update Vulnerability in WP Courses

One way we help to improve the security of WordPress plugins, not just for customers of our service, but for everyone using them, is our proactive monitoring of changes made to plugins in the Plugin Directory to try to catch serious vulnerabilities. Through that, we caught a variant of one of those vulnerabilities, an authenticated option update vulnerability, in the plugin WP Courses. That allows a logged-in attacker to change arbitrary WordPress options, and they could use that to create a new WordPress account with administrator privileges. There are probably more vulnerabilities with similar code still lurking in plugins, as this was caught by a recent expansion of our monitoring for that type of vulnerability. That vulnerability has been in the plugin for 22 months, apparently without being noticed.

We now are also running all the code in the plugins used by our customers through that monitoring system on a weekly basis to provide additional protection for them. [Read more]

25 Aug 2023

Vulnerability That Allows Attacker to Become Administrator Has Been in WordPress Plugin for Over 3 Years

One way we help to improve the security of WordPress plugins, not just for customers of our service, but for everyone using them, is our proactive monitoring of changes made to plugins in the Plugin Directory to try to catch serious vulnerabilities. We continue to improve what we can detect through that, based on other vulnerabilities being discovered and disclosed. A recent improvement to that led to us finding a role change vulnerability in the plugin Affiliaa. That would allow someone logged in to WordPress to change their role, which would allow an attacker with access to a low-level WordPress account to become an Administrator. That vulnerability has been in the plugin since it was introduced into the WordPress Plugin Directory in March 2020.

We now are also running all the code in the plugins used by our customers through that monitoring system on a weekly basis to provide additional protection for them. [Read more]

24 Aug 2023

Expanded Security Checking for Plugins Used by Our Customers Catches New Vulnerability in 100,000+ Install Plugin

One way we help to improve the security of WordPress plugins, not just for customers of our service, but for everyone using them, is our proactive monitoring of changes made to plugins in the Plugin Directory to try to catch serious vulnerabilities. For some time, we also have run all the code in the plugins used by our customers through that monitoring system on a weekly basis to provide additional protection for them. More recently, we expanded the range of possible security issues that we check for in customer-used plugins every week. Through that, we caught a reflected cross-site scripting (XSS) vulnerability that was introduced into the 100,000+ install plugin Squirrly SEO in the last week.

If you are using plugins not already used by our customers, once you start using our service, those plugins will be getting checked on a weekly basis as well. [Read more]

21 Aug 2023

Latest Version of 100,000+ Install WordPress Plugin Essential Blocks Adds PHP Object Injection Vulnerability

One way we help to improve the security of WordPress plugins, not just for customers of our service, but for everyone using them, is our proactive monitoring of changes made to plugins in the Plugin Directory to try to catch serious vulnerabilities. Through that, we caught a PHP object injection vulnerability being introduced into the plugin Essential Blocks, which has 100,000+ installs. That is yet another vulnerability in a plugin from WPDeveloper.

We now are also running all the code in the plugins used by our customers through that monitoring system on a weekly basis to provide additional protection for them. [Read more]

17 Aug 2023

Update to WordPress Plugin Allows Logged-In Users to Install Malicious Plugins

One way we help to improve the security of WordPress plugins, not just for customers of our service, but for everyone using them, is our proactive monitoring of changes made to plugins in the Plugin Directory to try to catch serious vulnerabilities. Through that, we caught one of those vulnerabilities, a vulnerability in the plugin Disable Fullscreen Mode that allows those logged in to WordPress to install arbitrary plugins. The plugin doesn’t have to come from the WordPress plugin directory, so an attacker can install an entirely malicious plugin.

We now are also running all the code in the plugins used by our customers through that monitoring system on a weekly basis to provide additional protection for them. [Read more]