27 Oct 2023

Is This Spam Post Creation Vulnerability in Themify Builder What a Hacker Would Be Interested In?

On Wednesday, we had an odd request to our website from an IP address that is being reported as being used for malicious attacks against WordPress websites. The request was trying to access an AJAX-accessible action named “tb_optin_subscribe”. The action was sent as POST input, with no other POST input or GET input. We could only find one WordPress plugin that registers that action, the Themify Builder. We don’t use that plugin, so there isn’t a legitimate reason for that request.

Looking at the relevant function, ajax_subscribe() (in the file /includes/optin-services/base.php), we didn’t see any obvious reason a hacker would be interested in it. The code looks to simply pass information along to newsletter services (MailChimp and others). Seeing as no other GET or POST input was sent with the request, abusing that functionality didn’t seem like a likely explanation. [Read more]

25 Jul 2023

Unfixed Persistent Cross-Site Scripting (XSS) Vulnerability in WordPress Plugin Targeted by Hacker

Today, we had someone probing for usage of the WordPress plugin MultiParcels Shipping For WooCommerce through a request for the plugin’s readme.txt file on one of our websites.

On July 17, a vague claim that an authenticated SQL injection vulnerability had recently been fixed in the plugin was released, which might explain a hacker’s interest in the plugin. There is also a claim that a minor vulnerability that has not been fixed yet exists in the plugin. [Read more]