Duplicated Vulnerabilities in WordPress Plugins

During a recent plugin audit, we noticed a weird pattern among many plugins responsible for performing a specific task: duplicating a page or a post.

With a bit of research, we came to the following conclusion: Many of these plugins came from the same source — and contained the same vulnerabilities.

SQL Injections in Vulnerable Plugins

Let’s talk for a moment about the original code sample that this entire scenario stems from: a blog post from Misha Rudrastyh, written back in 2013, detailing how to duplicate posts without the help of a plugin by inserting a bit of code into a theme’s functions.php file.

Via Sucuri.net
