24 May 2021

While Looking Into One Vulnerability Being Fixed in a WordPress Plugin, We Found Another One

The plugin Side Menu was closed on the WordPress Plugin Directory on Wednesday. On Friday a new version was submitted with the changelog entry “Fixed: Security parameters”. While checking over the vulnerability that was fixed in that version, we found that yet another vulnerability still exists in the plugin: a cross-site request forgery (CSRF)/local file inclusion (LFI) vulnerability.

Based on this vulnerability, we have improved our Plugin Security Checker’s detection of LFI vulnerabilities to flag code like the code in this plugin, so you can use that tool to check whether plugins you use might have similar issues.

24 May 2021

Vulnerability Details: CSRF/SQL Injection Vulnerability in Side Menu

The plugin Side Menu was closed on the WordPress Plugin Directory on Wednesday. On Friday a new version was submitted with the changelog entry “Fixed: Security parameters”. Running the previous version of the plugin through our Plugin Security Checker flagged several possible instances of SQL injection in the code, which we found could be exploited through cross-site request forgery (CSRF) and had been fixed in the new version. In looking into that, we found another vulnerability that still exists in the plugin.
