WordPress 5.1 CSRF to Remote Code Execution

13 Mar 2019 by Simon Scannell

WordPress Remote Code Execution

Last month we released an authenticated remote code execution (RCE) vulnerability in WordPress 5.0. This blog post reveals another critical exploit chain for WordPress 5.1 that enables an unauthenticated attacker to gain remote code execution on any WordPress installation prior to version 5.1.1.

Read More

WordPress 5.0.0 Remote Code Execution

19 Feb 2019 by Simon Scannell

WordPress Remote Code Execution

This blog post details how a combination of a Path Traversal and Local File Inclusion vulnerability lead to Remote Code Execution in the WordPress core. The vulnerability remained uncovered in the WordPress core for over 6 years.

Read More

CTF Writeup: Complex Drupal POP Chain

29 Jan 2019 by Simon Scannell

Drupal

A recent Capture-The-Flag tournament hosted by Insomni’hack challenged participants to craft an attack payload for Drupal 7. This blog post will demonstrate our solution for a PHP Object Injection with a complex POP gadget chain.

Read More

Learnings from WordPress Security Month

15 Jan 2019 by Simon Scannell

Advent

Last year in December we released once a day a vulnerability affecting WordPress core or one of the most popular WordPress plugins, next to a critical persistent XSS in wordpress.org. This blogpost will summarize common mistakes developers make and the overall impact our advent calendar had on the WordPress community and the current state of WordPress security.

Read More

WordPress Privilege Escalation through Post Types

17 Dec 2018 by Simon Scannell
WooCommerce Object Injection

A logic flaw in the way WordPress created blog posts allowed attackers to access features only administrators were supposed to have. This lead to a Stored XSS and Object Injection in the WordPress core and more severe vulnerabilities in WordPress’s most popular plugins Contact Form 7 and Jetpack.

Read More