Not Really a WordPress Plugin Vulnerability – Week of June 23, 2017

https://www.pluginvulnerabilities.com/2017/06/23/not-really-a-wordpress-plugin-vulnerability-week-of-june-23-2017/

In reviewing reports of vulnerabilities in WordPress plugins we often find that there are reports for things that don’t appear to be vulnerabilities. For more problematic reports we have been releasing posts detailing why the vulnerability reports are false, but there have been a lot of that we haven’t felt rose to that level. In particular are items that are

Powered by WPeMatico

Canadian Web Hosting [Ad]

Vulnerability Details: Reflected Cross-Site Scripting (XSS) Vulnerability in Analytics Tracker

https://www.pluginvulnerabilities.com/2017/06/23/vulnerability-details-reflected-cross-site-scripting-xss-vulnerability-in-analytics-tracker/

From time to time a vulnerability is fixed in a plugin without the discoverer putting out a report on the vulnerability and we will put out a post detailing the vulnerability so that we can provide our customers with more complete information on the vulnerability.

The changelog entry for version 1.1.1 of the plugin Analytics Tracker is “Fixed XSS vulnerability on search

Powered by WPeMatico

Reflected Cross-Site Scripting (XSS) Vulnerability in Product Catalog

https://www.pluginvulnerabilities.com/2017/06/22/reflected-cross-site-scripting-xss-vulnerability-in-product-catalog/

We recently have been trying to get an idea of how effective it would be to try to proactively catch some vulnerabilities when changes are made to WordPress plugins that include those vulnerabilities. In doing one of the preliminary checks we immediately came across a reflected cross-site scripting (XSS) vulnerability that exists in the plugin Product Catalog that has existed

Powered by WPeMatico

Reflected Cross-Site Scripting (XSS) Vulnerability in uCare

https://www.pluginvulnerabilities.com/2017/06/22/reflected-cross-site-scripting-xss-vulnerability-in-ucare/

We recently have been trying to get an idea of how effective it would be to try to proactively catch some vulnerabilities when changes are made to WordPress plugins that include those vulnerabilities. During that preliminary checking we found that the plugin uCare contains a reflected cross-site scripting (XSS) vulnerability.

The vulnerability is an example of where one of things we

Powered by WPeMatico

Canadian Web Hosting [Ad]