Reply To: Critical Vulnerability Patched in GiveWP Plugin

Wordfence’s post on this vulnerability misses a critical element. The vulnerability couldn’t have existed without an unaddressed security issue in the WordPress function maybe_unserialize(): https://www.pluginvulnerabilities.com/2024/08/23/unaddressed-wordpress-security-issue-behind-recent-critical-vulnerability-in-100000-install-plugin/

There has been a solution for that issue since 2015, but WordPress hasn’t implemented it. Implementing that would remove the possibility of a lot of vulnerabilities, as that insecure function is used in lots of plugins, including Wordfence’s own.
