Not Really a WordPress Plugin Vulnerability – Week of September 22, 2017

https://www.pluginvulnerabilities.com/2017/09/22/not-really-a-wordpress-plugin-vulnerability-week-of-september-22-2017/

In reviewing reports of vulnerabilities in WordPress plugins we often find that there are reports for things that don’t appear to be vulnerabilities. For more problematic reports we have been releasing posts detailing why the vulnerability reports are false, but there have been a lot that we haven’t felt rose to that level. In particular are items that are

Powered by WPeMatico

Vulnerability Details: PHP Object Injection Vulnerability in Appointments

https://www.pluginvulnerabilities.com/2017/09/22/vulnerability-details-php-object-injection-vulnerability-in-appointments/

From time to time a vulnerability is fixed in a plugin without the discoverer putting out a report on the vulnerability, and we will put out a post detailing the vulnerability so that we can provide our customers with more complete information on the vulnerability.

Since June we have been doing proactive monitoring of changes made to plugins to try to

PHP Object Injection Vulnerability in DS.DownloadList

https://www.pluginvulnerabilities.com/2017/09/22/php-object-injection-vulnerability-in-ds-downloadlist/

For the second time through our proactive monitoring of changes in WordPress plugins for serious vulnerabilities we have found a vulnerability not just as it is added to a plugin, but as the plugin was introduced into the Plugin Directory.

There is a manual review done of plugins before they are approved for the Plugin Directory and that appears to
