Hello to performances
It is the right time to speak about performance, e.g. cheap and effective solutions. Try the search.
A few years back WP “fixed” the prepare method of its DB class, and even today it remains one of the failure points for ~40% of the web. What is the bug? Simple: because of the sprintf usage, every % sign is replaced with a placeholder, which in most setups swaps the 1-character % for 66 characters in memory. …
The WP Job Manager plugin was sitting vulnerable for some time, and attack vectors were available with the lowest possible user role. Now, in the current version 1.34.4, some hardening was placed in the form of post_type checks & nonces, but meddling with protected meta failed again, almost the same way WordPress core did. Eli5 PoC In …
This is a plugin that logs activities around your WP setup, so admins have some insight into what is happening under the hood and what the activities of different system functionalities and of users from different user groups are. In some of the classes around the code base, especially those related to MySQL, could be …
WP Activity Log before 4.1.5 unauthenticated SQLi
The Abandoned Cart plugin is for recovering abandoned shopping carts for WooCommerce. The plugin source code is in quite bad shape by good WP plugin development practices, but it got quite good coverage from some Woo “authorities” in the past and it is installed on 30k+ active stores. Here we talk about a pre-auth SQL injection that …
WooCommerce abandoned cart before 5.8.2 SQL injection
Here we talk about the Loginizer security plugin for WP, which protects web sites from brute force attacks (quite needed functionality) and provides extra lights and bolts in the form of Two Factor Auth, reCAPTCHA, PasswordLess Login… Recently I performed some checks in the plugin code and a few security issues were identified, e.g. two paths towards …
The bug is more than simple: a GET request with Administrator cookies in it will result in the installation & activation of any plugin from WP dot org. If we were talking about a regular web application, this wouldn't even be an issue and server misconfiguration could be blamed (writable executable files), but we talk about WordPress where …
The WooCommerce plugin is a raw model of how a good WordPress plugin should look, and very often we can see many other plugins around the ecosystem borrow knowledge/source from it, which is probably ok. What is important to mention here is the fact that there isn't any log that will show us …
There are a lot of security solutions around the WP ecosystem advertising their ability to fight malware, intrusions and exploitation. Most of them are endpoint security solutions, some are cloud ones, and the market also knows the managed WP services that offer security in their own way. Having a big choice is sometimes a problem, because you …
Adding slashes or removing them is a thing on WP. Most of the meta functions do that, e.g. they apply the not-so-popular wp_unslash against meta keys and values. This means that when the input to update_metadata and add_metadata isn't from the current HTTP request via some web form, e.g. an HTML interface, there is a possibility for a user to insert/update a protected meta key into …