PHP Security Advent Calendar 2018 Announcement

27 Nov 2018 by Dr. Johannes Dahse
PHP Security Advent Calendar

The holiday season is coming up again and it’s time for some security fun. For the third time in a row, we are proud to announce our PHP security advent calendar. This year, we will analyze 24 exciting security bugs that we detected in the most widespread WordPress plugins.

Read More

WordPress Design Flaw Leads to WooCommerce RCE

6 Nov 2018 by Simon Scannell
WordPress

A flaw in the way WordPress handles privileges can lead to a privilege escalation in WordPress plugins. This affects for example WooCommerce, the most popular e-commerce plugin with over 4 million installations. The vulnerability allows shop managers to delete certain files on the server and then to take over any administrator account (CVE-2018-20714).

Read More

WordPress Configuration Cheat Sheet

31 Oct 2018 by Nils Werner

WordPress Configuration Cheat Sheet

WordPress is the most frequently installed web application in the world. The system is operated not only by experienced developers but also by beginners. In this blog post, we summarize what to look out for when configuring your WordPress installation’s security.

Read More

Framework Misconfiguration Analysis with RIPS

21 Aug 2018 by Nils Werner

Framework Misconfiguration

PHP frameworks such as Symfony, Laravel and CodeIgniter come with a variety of functions and components that make it easier for developers to build their application. However, various settings and configurations can have far-reaching consequences for security. Next to our unique and in-depth analysis for exploitable security vulnerabilities, RIPS is now also able to detect security weaknesses that stem from insecure configurations.

Read More

WARNING: WordPress File Delete to Code Execution

26 Jun 2018 by Slavco Mihajloski, Karim El Ouerghemmi
WordPress Unlink to RCE

WordPress is the most popular CMS on the web. According to w3tech, it is used by approximately 30% of all websites1. This wide adoption makes it an interesting target for cyber criminals. In this blog post we are going to introduce an authenticated arbitrary file deletion vulnerability (CVE-2018-20714) in the WordPress core that can lead to attackers executing arbitrary code. The vulnerability was reported 7 months ago to the WordPress security team but still remains unpatched. The long time elapsed since the initial reporting without any patch or concrete plans has led us to the decision to make it public.

Read More