WordPress Flaws and Vulnerabilities

BJ Lazy Load and TimThumb

September 2, 2015 0 comments

BJ Lazy Load is a plugin to defer image loading, available for free on the official WordPress repository, and it uses TimThumb. On 1st September 2015, we did some research about lazy loading plugins and we finally discovered that this plugin, BJ Lazy Load v 0.7.5, was using an outdated version of TimThumb, this famous script which is still responsible for […]

Web Flaws and Vulnerabilities

Redux Framework and Privilege Escalation

September 2, 2015 1 comment

Redux Framework is a code structure script that allows you to easily create good-looking option pages and add your own features. Versions before are victims of a privilege escalation flaw; the scenario for the exploit is not mainstream, so here are the requirements: using a theme with Redux Framework, using a plugin with Redux Framework, having a user with a role […]

WordPress Flaws and Vulnerabilities

WP Rollback, a Too Permissive Plugin

June 28, 2015 0 comments

On 26th June 2015, I discovered the plugin WP Rollback. This plugin allows you to install an older version of one of your plugins from the official repository. Since I wanted to use this plugin, I had to check its security. Remember that if I don’t do that, then I have to remember that installing a plugin is like including […]

Secure WordPress

Add SVG Support in WordPress Medias, Yes But No!

June 17, 2015 1 comment

I recently noticed an urge to add support for SVG files in the WordPress media library. Beautiful, very good idea: SVG is a very good format for the web and for the performance of your site. The way to add the support is simple and fast; here are two bad examples: http://wpchannel.com/autoriser-envoi-fichiers-svg-wordpress/ (fr) http://wpsnipp.com/index.php/functions-php/add-support-svg-inside-wordpress-media-uploader/ We must begin by asking why […]
