4 Nov 2022

Two of the Most Popular WordPress Plugins Contain Vulnerabilities and Were Closed Since Last Week

When WordPress plugins are closed on the WordPress Plugin Directory, unfortunately, those using the plugin and others are not informed of what caused the closure. So while the people running the directory would know if the plugins contain vulnerabilities, everyone else is left unaware of whether the plugin is known to be secure. One of the things we do to keep track of vulnerabilities in WordPress plugins is to monitor if any of the most popular plugins have been closed on the WordPress Plugin Directory and then check if there are vulnerabilities we should warn our customers about.

Last week the plugin WP Page Widget, which recently had 60,000+ installs, was closed and as you can see, there is no explanation for the closure: [Read more]

31 Oct 2022

Authenticated Settings Change Vulnerability in WP Page Widget

Last week the WordPress plugin WP Page Widget was closed on the WordPress Plugin Directory. As that plugin is one of the 1,000 most popular plugins, we were alerted to its closure. No reason has been given for the closure. But there is a security issue in the latest version.

About a month ago a competitor of ours, Patchstack, claimed a cross-site request forgery (CSRF) vulnerability had been fixed in the latest version of the plugin. They didn’t provide basic information needed to confirm the claim, as the “details” given are: [Read more]