Duplicated Vulnerabilities in WordPress Plugins

During a recent plugin audit, we noticed a weird pattern among many plugins responsible for performing a specific task: Duplicating a page or a post.

With a bit of research, we came to the following conclusion: Many of these plugins came from the same source — and contained the same vulnerabilities.

SQL Injections in Vulnerable Plugins

Let’s talk for a moment about the original code sample that this entire scenario stems from: A blog post from Misha Rudrastyh, written back in 2013, detailing how to duplicate posts without the help of a plugin by inserting a bit of code into a theme’s…


More Info

About mblog.my

Check Also

First Look at Twenty Twenty-One, WordPress’s Upcoming Default Theme – WordPress Tavern

Fashion is ephemeral. Art is eternal. Indeed what is a fashion really? A fashion is …