
WordPress Plugin Developer Security Advisory: anadnet

One of the little-understood realities of security issues with WordPress plugins is that insecurity is not evenly spread across those plugins. Instead, many developers are properly securing their plugins and others get them properly secured when …

Not Really a WordPress Plugin Vulnerability, Week of April 15

In reviewing reports of vulnerabilities in WordPress plugins to provide our customers with the best data on vulnerabilities in plugins they use, we often find that there are reports for things that don’t appear to be vulnerabilities. For more problematic …

A Month Later, WordPress Still Hasn’t Taken Action for Websites With Backdoored Plugin They Distributed

On February 28, we publicly warned that the WordPress plugin Mistape had what appeared to be a backdoor added in its latest release. Part of the code would contact the developer’s website and let them know if the plugin was …

WPScan Issues Two CVE IDs for Same Vulnerability While Failing to Warn for 7 Months That It Was Unfixed

On August 9, 2021, a security update was released for the WordPress plugin Favicon by RealFaviconGenerator, which has 200,000+ installs. The changelog for that was: Fix XSS security issue, reported by WPSpan.com. See https://wpscan.com/vulnerability/ed9d26be-cc96-4274-a05b-0b7ad9d8cfd9?fbclid=IwAR2aRMXRjbGm9ppoI9tM-OHm26Q0ax4yt0MkcP5sp0-pz9D4eVIEHQwvG1Y