via pluginvulnerabilities.com => original post link
In the middle of August, we publicly warned that the WordPress plugin WooODT Lite contained an authenticated option update vulnerability, which would allow logged-in attackers to change arbitrary WordPress options (settings). The possibility of the vulnerability was flagged by proactive monitoring we have to try to catch serious vulnerabilities as they are introduced in to plugins. It wasn’t a new issue, though. It had been in the plugin’s code for 13 months.
Based on earlier testing, two WordPress security plugins could have protected against common exploitation of that type of vulnerability even before we had warned about it. Those were our own Plugin Vulnerabilities Firewall and NinjaFirewall. [Read more]