16 Aug 2023

Exploitable Vulnerability Has Been in WooCommerce Extending Plugin for Over a Year

One way we help to improve the security of WordPress plugins, not just for customers of our service, but for everyone using them, is our proactive monitoring of changes made to plugins in the Plugin Directory to try to catch serious vulnerabilities. We don’t have time to review everything that is flagged by that. As one piece of flagged code shows, which we only got a chance to look into 13 months after it was introduced into a plugin, it doesn’t look like much of anyone else is joining us in doing that type of monitoring. That code turned out to cause a vulnerability that would allow an attacker with access to an account on the website, even a low-level account, to take over the website. Unsurprisingly, that is a type of vulnerability that hackers are known to exploit. The vulnerability is in the plugin WooODT Lite.

As is often the case with plugins with serious vulnerabilities, the plugin extends the popular eCommerce plugin WooCommerce. Despite being used on websites with additional security risk and probably more money tied to them, it doesn’t appear that those plugins are getting reasonable security scrutiny. If anyone is looking to have that happen for a WordPress plugin they use, we can do a security review. [Read more]

7 Aug 2023

Code That Leads to Arbitrary File Upload Vulnerability in StellarWP’s Kadence Blocks Has Been There for 5 Months

A couple of weeks ago, we noted how Wordfence had claimed that a lack of newly introduced vulnerabilities being detected in WordPress plugins was proof that the security of plugins was improving, but it could actually be that detection of newly introduced vulnerabilities isn’t very good. A serious vulnerability that recently became functional in the 300,000+ install plugin Kadence Blocks is further evidence of poor detection of newly introduced vulnerabilities.

The developer of that plugin, StellarWP, has had a terrible security track record despite developing one of the most popular security plugins. That record includes failing to fix a vulnerability that their security plugin was warning about and failing to implement basic security in another plugin, leading to a zero-day. That makes the issue with Kadence Blocks not all that surprising. [Read more]

28 Jul 2023

Latest Update of 60,000+ Install WooCommerce Extending Plugin Removes Basic Security

WordPress security providers have been claiming for years that the security of WordPress plugins is improving. Here is how the WP Tavern put it in March, citing Patchstack:

The report emphasized that the increase in the number of vulnerabilities reported means that the ecosystem is becoming more secure as the result of more security issues being found and patched. [Read more]

23 Jun 2023

Our Proactive Monitoring Caught a User Deletion Vulnerability in Atarim – Client Interface

One way we help to improve the security of WordPress plugins, not just for customers of our service, but for everyone using them, is our proactive monitoring of changes made to plugins in the Plugin Directory to try to catch serious vulnerabilities. Through that, we caught one of those vulnerabilities, a user deletion vulnerability in the plugin Atarim – Client Interface.

We are now also running all the code in the plugins used by our customers through that monitoring system on a weekly basis to provide additional protection for them. [Read more]

14 Jun 2023

Our Proactive Monitoring Caught a Remote Code Execution Vulnerability in a Brand New WordPress Plugin

One way we help to improve the security of WordPress plugins, not just for customers of our service, but for everyone using them, is our proactive monitoring of changes made to plugins in the Plugin Directory to try to catch serious vulnerabilities. Through that, we caught a variant of one of those vulnerabilities, a race condition/remote code execution (RCE) vulnerability in a brand new plugin, Sobex Tech. The vulnerability is in part caused by wider insecurity in the plugin, and there are additional vulnerabilities in the plugin, so we would recommend avoiding the plugin unless its security is overhauled.

We are now also running all the code in the plugins used by our customers through that monitoring system on a weekly basis to provide additional protection for them. [Read more]

13 Jun 2023

Our Proactive Monitoring Caught an Authenticated Option Update Vulnerability in WP Compress

One way we help to improve the security of WordPress plugins, not just for customers of our service, but for everyone using them, is our proactive monitoring of changes made to plugins in the Plugin Directory to try to catch serious vulnerabilities. Through that, we caught a variant of one of those vulnerabilities, an authenticated option update vulnerability in the plugin WP Compress. The vulnerability is in part caused by wider insecurity in the plugin, and there are additional vulnerabilities in the plugin, so we would recommend avoiding the plugin unless its security is overhauled.

We are now also running all the code in the plugins used by our customers through that monitoring system on a weekly basis to provide additional protection for them. [Read more]

9 Jun 2023

Our Proactive Monitoring Caught a Shortcode Execution Vulnerability in a Brand New WordPress ChatGPT Plugin

One way we help to improve the security of WordPress plugins, not just for customers of our service, but for everyone using them, is our proactive monitoring of changes made to plugins in the Plugin Directory to try to catch serious vulnerabilities. Through that, we caught a type of vulnerability that has in the past been combined with a more serious vulnerability and then exploited: a shortcode execution vulnerability, which we found in a brand new WordPress plugin. That plugin, ShortcodeGPT, is yet another ChatGPT-related plugin that hasn’t been properly secured.

We are now also running all the code in the plugins used by our customers through that monitoring system on a weekly basis to provide additional protection for them. [Read more]

9 Jun 2023

Our Proactive Monitoring Caught an Arbitrary File Viewing Vulnerability Being Introduced into a WordPress Plugin

One way we help to improve the security of WordPress plugins, not just for customers of our service, but for everyone using them, is our proactive monitoring of changes made to plugins in the Plugin Directory to try to catch serious vulnerabilities. Through that, we caught one of those vulnerabilities, an arbitrary file viewing vulnerability being added to the plugin WPYog Documents.

We are now also running all the code in the plugins used by our customers through that monitoring system on a weekly basis to provide additional protection for them. [Read more]

17 May 2023

Did ChatGPT Create This Serious Authenticated Option Update Vulnerability in the WordPress Plugin AI Power?

A lot has been made about the possible security risk of code created by ChatGPT, whether in WordPress plugins or otherwise. A more pedestrian risk is that WordPress plugins that interact with ChatGPT are themselves insecure, whether written by ChatGPT or not. Last week, one of those plugins, AI Power, which is described by the developer as the “most popular, WordPress-based open-source AI solution”, started introducing a serious vulnerability into the 10,000+ websites using it. The vulnerability allows those logged in to WordPress to change arbitrary WordPress options (settings), which among other things could allow them to take over the website by creating new WordPress accounts with the Administrator role.

Our proactive monitoring of changes made to plugins in the Plugin Directory to try to catch serious vulnerabilities caught that. [Read more]

24 Apr 2023

Authenticated Post Deletion Vulnerability in CartFlows

One way we help to improve the security of WordPress plugins, not just for customers of our service, but for everyone using them, is our proactive monitoring of changes made to plugins in the Plugin Directory to try to catch serious vulnerabilities. We also run all the plugins used by our customers through the same system used for the proactive monitoring on a weekly basis to provide additional protection for them. Through that, we caught an authenticated post deletion vulnerability in the 200,000+ install plugin CartFlows. Our customers were already protected from the vulnerability, as our Plugin Vulnerabilities Firewall plugin provides protection against this type of vulnerability without us having to write a rule for a specific vulnerability.

By default, the plugin restricts access to the admin portion of the plugin’s interface to Administrators, but it has a user role manager that allows lower-level users to be given access. If users are given “Limited Access”, they “Can create/edit/delete/import flows and steps only.” With the ability to delete the plugin’s flows, they can delete any post on the website. [Read more]