Rich Reviews Plugin Discontinued after Vulnerabilities Exploited in the Wild

After tracking exploits of a zero-day XSS vulnerability in the Rich Reviews plugin for WordPress, Wordfence is recommending that users remove it from their websites. The company estimates that there are 16,000 active installations vulnerable to unauthenticated plugin option updates: Attackers are currently abusing this exploit chain to inject (more…)


Freemius Patches Severe Vulnerability in Library Used by Popular WordPress Plugins

Freemius, a monetization, analytics, and marketing library for WordPress plugin and theme developers, patched an authenticated option update vulnerability in its wordpress-sdk four days ago. The library is included with many popular plugins, such as NextGEN Gallery (1,000,000+ installs), 404 – 301 (100,000+ installs), WP Security Audit Log (80,000+ installs), (more…)


WPBrigade Patches Critical Vulnerability in Simple Social Buttons Plugin

WPBrigade, the developers behind the Simple Social Buttons plugin, have patched a critical privilege escalation vulnerability. The security issue was discovered by the team at WebARX. Developer and researcher Luka Šikić summarized the vulnerability in a post published this week: Improper application design flow, chained with lack of permission check (more…)
