Monthly Archives: September 2014

WordPress Plugin Vulnerability Dump – Part 2

And we’re back. Check out Part 1 if you haven’t yet. Much like before, developers of these plugins have not been contacted in advance. These vulnerabilities were trivial to find and as you can see from these vulnerabilities and others that have been disclosed in the past few months, popular =/= secure. More vulnerabilities will be posted as time permits.

Read more

WordPress Plugin Vulnerability Dump – Part 1

This post contains information on vulnerabilities for 7 (at least somewhat) popular wordpress plugins. All of these vulnerabilities were trivial to discover (and are trivial to fix). The state of wordpress plugin security is very sad indeed. None of the developers were contacted in advance of this post (except where otherwise noted). Additional vulnerabilities will be posted as time permits.

Read more