The JVN released an advisory for the WordPress plugin WordPress Popular Posts stating that versions of the plugin prior to version 6.1.0 accepted “untrusted external inputs to update certain internal variables”, which they credited to Tsubasa Iinuma of Origami Systems. One of the changelog entries for that version is:
…
Two of the changelog entries for the second most recent version of WordPress Popular Posts, 5.3.4, are:
…
If you want the best information and therefore best protection against vulnerabilities in WordPress plugins we provide you that through our service.
Here is what we did to keep those are already using our service secure from WordPress plugin vulnerabilities during May (and what you have been missing out on if you haven’t signed up yet): [Read more]
From time to time vulnerabilities are fixed in plugin without someone putting out a report on the vulnerability and we will put out a post detailing the vulnerability. While putting out the details of the vulnerability increases the chances of it being exploited, it also can help to identify vulnerabilities that haven’t been fully fixed (in some cases not fixed at all) and help to identify additional vulnerabilities in the plugin.
…