Vulnerabilities

Yoast SEO Plugin Authenticated, Stored XSS Vulnerability

The “snippet preview” functionality of the Yoast WordPress SEO plugin was susceptible to cross-site scripting in versions before 2.2 (<= 2.1.1). This vulnerability appears to have been reported 2 years ago by someone named “badconker”, but the plugin author said that it was already patched. Unfortunately, it appears that this is not the case. If you are running this plugin, I recommend updating to the latest version.

Yoast WordPress SEO XSS in action

Yoast WordPress SEO XSS in action

Continue reading

Evading security logging when logging into DigitalOcean (Fixed)

I noticed a while back that when I carelessly entered my login credentials to the form for registering a new user account on the front page of the DigitalOcean site, it would still log me in. Neato.

However, I was slightly less amused when I noticed that the login event didn’t show an IP address in my security history.

Security history page with IP address conspicuously missing

User.login event with IP address conspicuously missing

I reported this at the time the screenshot was taken several months ago. It appears they have recently fixed the issue.

Just a reminder that not all vulnerabilities are obvious, and you can’t find them all with BURP.