I went for coffee and came back with 6 vulnerabilities in WordPress plugins Research Summary This research analyzes the security of six WordPress plugins and core components, identifying …

InfoSecWriteUps' platform is  dedicated to providing insights and resources for cybersecurity professionals and enthusiasts. Through articles, tutorials, and security research, InfoSecWriteUps offers insights into cybersecurity vulnerabilities, attack techniques, and defense strategies. Readers can learn about penetration testing, threat intelligence, and incident response to enhance their cybersecurity knowledge and skills.

InfoSec Write-ups

A security researcher discovered six vulnerabilities across popular WordPress plugins and components during a short break. The findings include an unauthenticated arbitrary file upload in Royal Elementor Addons via an exposed AJAX nonce, CSS injection in Appointment Hour Booking allowing site defacement, error-based SQL injection in Tutor LMS due to improper use of sanitize_text_field(), SSRF in Better WP Security and SAML SSO plugins enabling internal network scanning and cloud metadata theft, and an open redirect in WooCommerce's REST API auth flow caused by using wp_redirect() instead of wp_safe_redirect(). The common root cause across all findings is blind trust in user input and missing input validation.

I went for coffee and came back with 6 vulnerabilities in WordPress plugins

1. Royal Elementor Addons — Arbirary File Upload

2. Appointment Hour Booking — CSS Injection

Get Miguel Méndez Z. ’s stories in your inbox