ethicalhack3r
Forum Replies Created
Forum: Plugins
In reply to: [YARPP - Yet Another Related Posts Plugin] XSS Fix
Ryan from wpvulndb here.
The CSRF seems to have been attempted to have been fixed – https://plugins.trac.wordpress.org/changeset/1160452/yet-another-related-posts-plugin (not mentioned in the changelog)
The XSS does not seem to have been fixed at the time of writing from what I can tell from looking at Trac.
Ryan from wpvulndb here.
“Wordfence 5.2.3 – Banned IP Functionality Bypass” was fixed in 5.2.4. We have now added this to our database. Thanks!
Forum: Plugins
In reply to: [WP Video Lightbox] jQuery prettyPhoto DOM
Ryan from wpvulndb here. We have marked it as fixed. Thanks!
Chris – I would probably use the === operator for comparing the two domain strings, apart from that it looks like it should work (not tested). Let me know when it has been fixed and we can mark as so on wpvulndb.com.
Forum: Plugins
In reply to: [Responsive Lightbox & Gallery] Vulnerability in PrettyPhoto !
Ryan here from wpvulndb.
We have now marked this as fixed – https://wpvulndb.com/vulnerabilities/7985
Vendors can sign up for email notifications when one of your plugins is preliminarily entered into our database for free. Feel free to email us if this interests you as it is a manual process at the moment.
Ryan from wpvulndb here.
That is indeed an old version. We detect the plugin and the installed version; we then notify the user of any vulnerabilities within the plugin dependent on the installed version and the version the plugin vulnerability was fixed in.
This issue was flagged because we are not aware that it has been fixed.
We have looked at the plugin’s changelog and there is no mention of a fix. We also have had a quick look through the plugin’s Trac repository and could not see any mention of a fix.
I have tried to reproduce the issue in the latest version but in order for the original vulnerability to be exploited media has to be ‘flagged’ by the plugin in order to edit its title and I’m not sure how to achieve this.
I have asked the original researcher for further information.
Maybe you could confirm if it has been fixed or not and in what version it was fixed?
I manage the WPScan Vulnerability Database. It looks like the vulnerability was assigned to the wrong plugin within our database. I will update the issue now.
Forum: Everything else WordPress
In reply to: Core Dev Team Meetup Q&A
What is being done to increase the security of WordPress plugins? These have now become the weak link in WordPress security.
Forum: Everything else WordPress
In reply to: Core Dev Team Meetup Q&A
Can Full Path Disclosure (FPD) vulnerabilities be remediated throughout WordPress and can the development team stop blaming FPD on the user’s environment?
Please see
http://seclists.org/fulldisclosure/2011/Nov/96
and
http://www.ethicalhack3r.co.uk/security/full-path-disclosure-fpd/