Privilege Escalation in 2.3M WooCommerce Shops

26 Feb 2018 by Karim El Ouerghemmi, Slavco Mihajloski
WooCommerce Object Injection

The WordPress plugin WooCommerce runs on approximately 2,300,000 live websites1 and is currently the most prominent eCommerce platform used on the Web. During our research we discovered a PHP object injection vulnerability in WooCommerce that allows to escalate privileges. The vulnerability was responsibly disclosed to the Automattic security team and was fixed last year with the release of version 3.2.4. In this blog post we investigate how recent changes in the WordPress core database driver opened the doors for this vulnerability. Furthermore, we describe how the circumstances could be exploited with a unique and interesting injection technique.

Read More ...

WordPress Plugin Vulnerabilities 2017 VS. Static Analysis

29 Nov 2017 by Dr. Johannes Dahse
WordPress Plugin Vulnerabilities

WordPress is used by 29.0% of all the websites1. Due to its wide adoption, specifically the security of WordPress plugins moved into the focus of cyber criminals. Often, the plugins provided by third parties do not share the same level of security as the WordPress core itself, making them an attractive target for attackers. Security vulnerabilities are actively exploited in order to compromise large amounts of installations that use vulnerable plugins. Can static code analysis detect these vulnerabilities out of the box? In this technical blog post we analyze the most critical plugin vulnerabilities in 2017 and share some insights about the requirements of a static code analyzer needed for detection.

Read More ...

The State of Wordpress Security

14 Dec 2016 by Hendrik Buchwald

Wordpress

Does Wordpress really need an introduction? It is by far the most popular blogging software on the planet and it is also abused for other tasks frequently. A large percentage of the World Wide Web is Wordpress1.

Plugins from the community are an integral part of most Wordpress sites, therefore this blog post will cover the complete Wordpress ecosystem and not just the core. To do this we downloaded all 47,959 plugins that are available from the official Wordpress repository and analyzed them with our static code analyzer RIPS! Shockingly, about every second larger plugin contains at least one medium severity issue. But is it really that bad? Read on to find out!

Read More ...