Multidots Inc. is a software development company from India that has developed a wide range of various WordPress plugins. About a month ago ThreatPress Security Research Team found a lot of vulnerabilities in ten plugins designed by Multidots to extend the capabilities of WooCommerce. As you can understand, these plugins designed for online stores powered by WooCommerce / WordPress. ThreatPress notified the Multidots instantly about the issues with their WordPress plugins, usually developer fixes problem as soon as possible, but in this case, everything went quite a different way.
Vulnerable plugins by Multidots
So, overall ThreatPress found that there are ten vulnerable plugins. All of them hosted on WordPress.org plugin repository. Here’s the list of these plugins (plugin name, active installs and vulnerability type):
Continue reading WordPress plugins for WooCommerce by Multidots endangered thousands of online stores
ThreatPress published a summary of all WordPress vulnerabilities detected in the 2017 year. This beautiful info-graphic (below) gives statistical information collected from ThreatPress database of WordPress vulnerabilities and data available on such open sources like WordPress.org website.
All of the WordPress plugins that were marked as vulnerable in the 2017 year have more than seventeen million active installs. Just imagine how many sites were at potential risk. I think we’re talking about a number that exceeds five million websites. Five million!!! OK, let’s see what more do we have on this infographic.
ThreatPress 2017 year report in numbers
- 221 vulnerability added to the database of WordPress vulnerabilities compared to the 234 vulnerabilities in the 2016 year.
- 202 plugins were identified as vulnerable, 153 of them hosted on WordPress.org plugin repository.
- 5 WordPress themes were identified as vulnerable, this number could be much bigger, but it’s hard to access and check themes from premium repositories.
- The most common vulnerability type was a Cross-Site Scripting (XSS) with a SQL Injection (SQLi) on a second place and Broken Access Control on the third.
- Other quite common vulnerability types in the 2017 year were Cross-Site Request Forgery (CSRF), Arbitrary File Upload, BYPASS, Arbitrary File Download, PHP Object Injection and Local File Inclusion.
- Top five vulnerable plugins in the 2017 year (by the number of active installs according to WordPress.org data) were Yoast SEO, WooCommerce, Smush Image Compression and Optimisation, Duplicator and Loginizer.
- There were 8 WordPress security-related releases in the 2017 year.
Continue reading ThreatPress report of WordPress vulnerabilities for the 2017 year
phpMyAdmin cross-site request forgery (CSRF) vulnerability found by an Indian security researcher Ashutosh Barot caused a lot of noise. It’s evident that many website owners began a heated debate on this issue since phpMyAdmin is one of the most popular tools for managing MySQL databases. I find this discussion somewhat surprising because most speakers do not realize what kind of conditions needed to make it possible to exploit this vulnerability. My modest opinion is that this security issue is more dangerous theoretically than in practice. Let’s see why I think so.
phpMyAdmin CSRF vulnerability exploitation mechanism
Attacks on CSRF vulnerabilities are quite primitive. An attacker prepares specially crafted link with some parameters or commands. This link will make some unattended actions if clicked by the administrator or any logged user with sufficient rights of the targeted system. Ashutosh Barot published a short Youtube video which shows how he managed to drop one table from the database with a single click on the link. An attack is possible due to the unprotected GET request operation.
Continue reading phpMyAdmin CSRF vulnerability is dangerous but hard to exploit