Filter by tag: wordpress

Privilege Escalation in 2.3M WooCommerce Shops

13 min read 26 Feb 2018 by Karim El Ouerghemmi, Slavco Mihajloski
The WordPress plugin WooCommerce runs on approximately 2,300,000 live websites and is currently the most prominent eCommerce platform used on the Web. During our research we discovered a PHP Object Injection vulnerability in WooCommerce (CVE-2017-18356) that allows to escalate privileges with a unique and interesting injection technique.

WordPress Plugin Vulnerabilities 2017 VS. Static Analysis

11 min read 29 Nov 2017 by Johannes Dahse
WordPress plugins are widely adopted and an attractive target for attackers. In this technical blog post we analyze the most critical vulnerabilities in WordPress plugins of 2017 and share insights about how static code analysis can detect these.

The State of Wordpress Security

16 min read 14 Dec 2016 by Hendrik Buchwald
Plugins from the community are an integral part of most Wordpress sites. We downloaded all 47,959 plugins that are available from the official Wordpress repository and analyzed them with our static code analyzer RIPS. Shockingly, about every second larger plugin contains at least one medium severity issue. But is it really that bad?