Web Flaws and Vulnerabilities

Redux Framework and Privilege Escalation

September 2, 2015

Redux Framework is a code structure script that allows you to easily create good-looking option pages and adds its own features. Versions before 3.5.6.8 are affected by a privilege escalation flaw. The scenario for the exploit is not mainstream; here are the requirements: using a theme with Redux Framework, using a plugin with Redux Framework, having a user with a role […]

WordPress Flaws and Vulnerabilities

WP Rollback, a Too Permissive Plugin

June 28, 2015

On June 26th, 2015, I discovered the plugin WP Rollback. This plugin allows you to install an older version of one of your plugins from the official repository. Since I wanted to use this plugin, I had to check its security. Remember that if I don’t do that, then I have to remember that installing a plugin is like include […]

Secure WordPress

Add SVG Support in WordPress Medias, Yes But No!

June 17, 2015

I recently noticed an urge to add support for SVG files in the WordPress media. Beautiful, very good idea: SVG is a very good format for the web and for the performance of your site. The way to add the support is simple and fast; here are two bad examples: http://wpchannel.com/autoriser-envoi-fichiers-svg-wordpress/ (fr) http://wpsnipp.com/index.php/functions-php/add-support-svg-inside-wordpress-media-uploader/ We must begin by asking why […]

WordPress Flaws and Vulnerabilities

Vulnerability in WooCommerce 2.3.10 : Object Injection

June 11, 2015

Yesterday, June 10th, 2015, WooCommerce was patched for a vulnerability called “Object Injection”. We have already seen this flaw in WordPress < 3.6.1, but here it comes with a very high risk level, unlike in WP, where it was almost a null risk. The risk does not depend on the fault itself, but on several criteria assessed and calculated […]
