Tenable

Our Firewall Plugin Caught That SQL Injection Vulnerability Tenable Discovered Hasn’t Actually Been Fixed

Last month, security provider Tenable claimed that an authenticated SQL injection vulnerability had existed in the WordPress plugin ReviewX and was fixed in version 1.6.4. It turns out the vulnerability hasn’t been fixed.

The CVE system allowed Tenable to create a CVE ID for this, CVE-2023-26325, and didn’t check to make sure the claims were accurate [Read more]

WordPress Plugin With Unfixed Vulnerability Targeted by Hacker Remains in Plugin Directory

For some time, we have been seeing a hacker probing for the usage of various WordPress plugins with known vulnerabilities across numerous websites. Many of those vulnerabilities have been SQL injection vulnerabilities. Over the weekend we saw them looking for usage of the WordPress plugin Gift Voucher. That isn’t surprising considering that there is an unfixed SQL injection vulnerability that was publicly disclosed by Tenable on March 22. What is surprising is that the plugin is still available in the WordPress Plugin Directory as of now:

[Read more]

Plugin Vulnerabilities

A service to protect your site against vulnerabilities in WordPress plugins.

Tag Archives: Tenable

Our Firewall Plugin Caught That SQL Injection Vulnerability Tenable Discovered Hasn’t Actually Been Fixed

WordPress Plugin With Unfixed Vulnerability Targeted by Hacker Remains in Plugin Directory