Plugin Security Certification (PSC) by CleanTalk

During the examination of the System Dashboard plugin for WordPress, a security vulnerability was identified that allows unauthorized access to sensitive data. This flaw stems from a lack of capability check on the sd_php_info() function, which is hooked via an AJAX action in all versions of the plugin up to, and including, 2.8.7. As a result, authenticated attackers with subscriber-level access and above can exploit this vulnerability to retrieve sensitive information provided by PHP info.

In the dynamic environment of WordPress, keeping track of changes made to your website is essential for maintaining security and accountability. The “Simple History” plugin, now at version 4.10.0, offers a comprehensive solution by providing a detailed log of recent activities directly on your dashboard or a separate page. In this article, we delve into the significance of this plugin, highlighting its security features and its recognition through the “Plugin Security Certification” (PSC) from CleanTalk.

During the evaluation of the Medialist plugin, security researchers discovered a critical vulnerability enabling Stored Cross-Site Scripting (XSS) attacks. This vulnerability allows contributors to embed malicious JavaScript code into new posts using a specific shortcode, leading to potential account takeover and other malicious activities.

During the evaluation of the Magee Shortcodes plugin, security researchers identified a critical vulnerability enabling Stored Cross-Site Scripting (XSS) attacks. This vulnerability permits malicious actors to execute arbitrary JavaScript code within the context of a victim’s browser when interacting with a compromised post containing specially crafted shortcodes.

During testing of the Shariff Wrapper plugin, a critical vulnerability was identified that allows for the implementation of Stored Cross-Site Scripting (XSS) attacks. This vulnerability enables attackers to execute malicious scripts on behalf of contributors, potentially leading to account takeover and compromise of the WordPress admin account.

During examination of the JetBackup plugin, a critical vulnerability was identified in the directory “/wordpress/wp-content/uploads/jetbackup/*”. This flaw exposes extensive information about the WordPress site, including its configuration, directories, and files. Moreover, it grants unauthorized access to sensitive data stored within the database and other files. Exploiting this vulnerability poses a significant threat, potentially leading to the compromise of the entire system.

While scrutinizing the User Activity Tracking and Log plugin, a significant vulnerability was uncovered. This flaw allows an attacker to replace their actual IP address with any arbitrary IP address, specifically by adding a forged “X-Forwarded-For: 11.11.11.11” header to requests. This manipulation is evident in the activity log, such as during the creation of a new post.

In the process of scrutinizing the Fatal Error Notify plugin for WordPress, a Cross-Site Request Forgery (CSRF) vulnerability was unearthed. This flaw permits an unauthorized user to manipulate requests on behalf of the victim, enabling the attacker to send erroneous error messages via email. The exploit can involve sending a large volume of HTML-coded messages to the victim’s email, potentially causing disruption and spamming issues. Furthermore, the repeated suspicious activity might lead to the blocking of the WordPress site’s email.

During testing of the plugin, a vulnerability was discovered that allows the user, starting from the “Subscriber” (lower privs) privileges, to access AJAX requests that can output the following data: password and login from the database -which is very critical, password and login from the mailbox, phpinfo() and all the information that the plugin can output about the web application

A critical security vulnerability has been identified in the Debug Log Manager plugin, marked by a missing authorization check during the handling of the action=clear_log method. This lapse in validation opens the door to Cross-Site Request Forgery (CSRF) attacks, providing unauthorized actors with the ability to clear PHP logs in the affected plugin.