
Important security updates for all plugins

About a month ago, a vulnerability was reported in one of our plugins (GD Rating System), related to unsanitized input used to load the different admin side panels of the plugin, which allowed arbitrary files to be loaded instead.

Because all Dev4Press plugins use almost the same code for the admin panels, all our plugins were affected in the same way. Basically, each admin page for our plugins has one main page and one or more panels related to that page, loaded based on the `panel` variable in the URL. And, because this `panel` variable was not sanitized properly, it was possible to pass JavaScript or a path to a file through it.

The good news about this is that this vulnerability has no known exploits. That means that so far, no one has created a viable method of attack that uses this vulnerability, and it is highly unlikely that any damage could be done, because this vulnerability requires very specific circumstances to be exploited:

  • This vulnerability is exposed only if the logged-in user is an administrator – the plugin’s pages are not registered or loaded for other user roles or visitors.
  • Method 1 – JavaScript: The attacker would need to prepare the URL with malicious JavaScript code, send an email with a falsified origin and fool the administrator into clicking the link – this will never work because most email clients would mark such mail as spam, or the administrator would be careful about clicking a link from such an email.
  • Method 2 – Load file: this attack is even harder to do, because it requires that the attacker somehow knows the exact structure of the website or can upload a malicious file in some way, and if that happens, then the website is already hacked in some way, and there are better ways to load malicious files at that point.

In any case, the vulnerability is fixed in all Dev4Press plugins, and fixed versions were deployed in the past 3 weeks. All plugins now have improved sanitization of input variables and check for the existence of the panel files before loading them. In the process of fixing this, all plugins received various other fixes and improvements. So, you just need to update to the latest plugin version, and there will be no risk of a malicious attack through any of our plugins (even without that, the risk was minimal).
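To make the defect and the fix concrete, here is an added example of the pattern described above, written for this post and not taken from any Dev4Press plugin. The function names (`my_plugin_render_admin_page_vulnerable()`, `my_plugin_resolve_panel()`, the `panels/` directory and the panel names) are hypothetical; the WordPress core functions it calls (`sanitize_key()`, `wp_unslash()`, `esc_html()`, `current_user_can()`, `plugin_dir_path()`) are real. The first function shows a loader that builds an include path straight from the `panel` query variable; the second applies the two measures named in the post, sanitizing the variable and checking that the panel file exists before loading it, and additionally restricts the value to an explicit list of known panels.

```php
<?php
// Added example, not Dev4Press code. Simplified admin page loader showing the
// class of defect described in the post and one way to harden it.
// my_plugin_* names, the panels/ directory and the panel names are hypothetical.

// --- BEFORE: the pattern the post describes. The `panel` query variable is
// used directly to build an include path and is echoed unescaped, so whatever
// arrives in the URL ends up in the path and in the page markup.
function my_plugin_render_admin_page_vulnerable() {
    $panel = isset( $_GET['panel'] ) ? $_GET['panel'] : 'general';

    echo '<h2>Panel: ' . $panel . '</h2>';                            // unescaped output
    include plugin_dir_path( __FILE__ ) . 'panels/' . $panel . '.php'; // unsanitized include
}

// --- AFTER: sanitize, restrict to known panels, check the file exists.
function my_plugin_allowed_panels() {
    // Explicit list of panels this page knows about (hypothetical names).
    return array( 'general', 'display', 'advanced' );
}

function my_plugin_resolve_panel( $requested ) {
    // sanitize_key() (WordPress core) lowercases the value and strips everything
    // except a-z, 0-9, '_' and '-', so '/', '..', '<' and '>' cannot survive.
    $panel = sanitize_key( $requested );

    // Reject anything not in the explicit list and fall back to the default panel.
    if ( ! in_array( $panel, my_plugin_allowed_panels(), true ) ) {
        return 'general';
    }
    return $panel;
}

function my_plugin_render_admin_page_fixed() {
    // The post notes these pages are only registered for administrators;
    // checking the capability here as well keeps that true even if the page
    // registration changes later.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( esc_html__( 'You do not have permission to view this page.', 'my-plugin' ) );
    }

    $requested = isset( $_GET['panel'] ) ? wp_unslash( $_GET['panel'] ) : 'general';
    $panel     = my_plugin_resolve_panel( $requested );
    $file      = plugin_dir_path( __FILE__ ) . 'panels/' . $panel . '.php';

    echo '<h2>' . esc_html( 'Panel: ' . $panel ) . '</h2>';           // escaped output

    // Existence check before the include, as the post describes for the fixed versions.
    if ( file_exists( $file ) ) {
        include $file;
    } else {
        echo '<p>' . esc_html__( 'Panel not found.', 'my-plugin' ) . '</p>';
    }
}
```

The list in `my_plugin_allowed_panels()` is the part that does most of the work: once the value can only be one of a few fixed strings, the include path and the echoed heading are both safe regardless of what the URL contained, and the `file_exists()` check then only guards against a panel file that is missing from the plugin's own directory.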

If you notice any problems with our plugins, if you find any potential vulnerabilities, please let me know, and I will do my best to fix the problems as soon as possible.


About the author

Milan Petrovic

CEO and Lead developer of Dev4Press Web Development company, working with WordPress since 2008, first as a freelancer, later founding own development company. Author of more than 250 plugins and more than 20 themes.
