Duplicated Vulnerabilities in WordPress Plugins

During a recent plugin audit, we noticed an odd pattern among many plugins that perform one specific task: duplicating a page or a post.

With a bit of research, we came to the following conclusion: Many of these plugins came from the same source — and contained the same vulnerabilities.

SQL Injections in Vulnerable Plugins

Let’s talk for a moment about the original code sample that this entire scenario stems from: A blog post from Misha Rudrastyh, written back in 2013, detailing how to duplicate posts without the help of a plugin by inserting a bit of code into a theme’s…

