CEMU PLUGIN LOADER MAKES IT EASY TO LOAD IN DLL PLUGINS


(Last Updated On: July 13, 2017)

The Cemu emulator updates may have slowed down due to the fact that the Cemu Team has made the Wii U emulator about as good as most people could have hoped for, and with only some optimization and compatibility feats left, the community is focusing more on third-party support such as plugin loaders.

Over on the Cemu sub-Reddit, user Growlith1221 designed a new DLL plugin loader for the Cemu emulator. This allows users to load in custom third-party plugins and hook them into the Cemu easily without a lot of huffing, puffing or configuring going on.

Growlith1221 explains that the Cemu Plugin Loader doesn’t do anything special outside of loading in additional DLL files to make it easy to load up add-on packs, fixes, or other community-made updates. He does mention that eventually a GUI will be made available, writing…

“[…] right now, it’s working as a simple plugin loader, in the future(possibly in a few days actually), a gui will be available for various other things like choosing which dll(s) you want to load and whatnot”

You can download the Cemu Plugin Loader right now from the Dropbox download page.

It’s suggested that you don’t use the Cemuhook in conjunction with the Cemu Plugin Loader, so it’s something you definitely need to keep in mind.

Updates for the main emulator have slowed down quite a bit after the latest main release. For the most part, the big surge happened when the Cemu was just starting to emulate The Legend of Zelda: Breath of the Wild, but now that the game is mostly playable, it’s no longer a top priority for the community to express vested interests the way they did when the game first came out.

Nevertheless, Cemu is still a free Wii U emulator for PC, so you can download the latest version from the official Cemu website.

7 of the best new free VST/AU plugin synths to download in 2017


Free and easy

How to Install a WordPress Plugin on Your Website

If your website was built using WordPress, one of the best things you can do for your small business is to learn how to install a WordPress plugin.

While that may sound like hyperbole, consider this: WordPress plugins, the majority of which are free, extend and expand the functionality of your website up to and including the ability to automate and manage your business — from online marketing to lead capture and from sales to delivery — faster and more consistently than you do today.

How many more clients or customers could your business add and serve using that extra time?

That’s the power of WordPress plugins.

There are currently more than 36,375 plugins available at wordpress.org. That’s a lot. But don’t let the sheer number of plugins scare you away, because we’re going to show you how to pick a good plugin out of that pile. Then we’re going to show you how to install a WordPress plugin you chose on your own site so you can start reaping the benefits of the plugin’s added functionality to manage your business.

Good to Know Before Moving On

Hosted vs. Non-Hosted

Of course, WordPress comes in two flavors: hosted  and self-hosted.

When you create your WordPress site over at wordpress.com, you’re using the hosted option. While not as customizable as the self-hosted option, it’s the perfect platform if you want to get up and running quickly. Unfortunately, your choice of plugins is much more limited when your site is hosted and that curtails the benefits you can realize from using plugins.

If you create your WordPress website over at one of the many available hosting companies, you’re using the self-hosted option. Infinitely customizable, self-hosted WordPress sites can use any of the 36,375 plugins available over at wordpress.org and that’s a good thing.

Two Key Factors to Consider Before Selecting a WordPress Plugin to Install

Because of feature enhancements and bug fixes, WordPress’ code is updated on a fairly regular basis. After each update, there’s always a chance that a plugin that worked with the older version of WordPress may not work with the new one.

To make a particular plugin work with the latest version of WordPress, it needs to be updated as well and therein lies the problem. Since most plugin developers offer their work for free, they sometimes drop the project somewhere along the way and the plugin stops getting updated.

These plugins are “dead” and if a plugin you are using dies, you’ll need to search for a replacement.

To minimize the chance that you’ll face this headache, you should always pay attention to these two factors when selecting a plugin to install:

When Was the Plugin Last Updated?

A plugin that gets updated often is a plugin that is less likely to die.

To figure out if your plugin has been updated to the latest version of WordPress, first visit the plugin’s page on wordpress.org and look underneath the header on the right. There you’ll see up to which version the plugin is compatible (in the image below, that’s version 4.1.1).


Next, head on over to the front page of wordpress.org and look at the lower of the blue download buttons on the right. As you can see, WordPress version 4.1.1 is the latest WordPress update, so the plugin above is A-OK.


Another way to check this is to search for a plugin using your WordPress dashboard (more on how to run that search in just a bit).

As you can see in the search results below, one of the plugins was tested and declared “Compatible” and one was not. Always try to select plugins that are tested and compatible as that means they’re up to date (assuming of course that you keep your WordPress version up to date which you should).


One other thing to beware of is when the “Last Updated” date is more than a year old (and many, many of them are). If that’s the case, it’s likely that the plugin is dead.

Do the Developers Provide Timely Support?

Since most plugins are free, there’s not a lot of incentive for a developer to provide support. They need to have the passion to continue supporting their work and the drive to see it through.

As this is the case, you should always check on the level of attention a developer devotes to support before selecting their plugin. To do so, visit the plugin’s page on wordpress.org and click on the “Support” tab as shown below:


Once you’re at the support discussion forum for that plugin (as shown below), look around to see what you can find. Does the developer respond in a timely manner or do questions languish for weeks? Do they provide service with a smile or are they snippy and rude?


Bad service is a strong sign that the plugin may be dying.
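The two checks above, applied to a whole plugin inventory, as an added example (not code from the article or from WordPress). The record fields `testedUpTo` and `lastUpdated`, the plugin names and the dates are constructed; 4.1.1 is the WordPress version the article uses, and 365 days stands in for its "more than a year old" threshold.

```javascript
// Added example; not code from the article or from WordPress itself.
// Field names, plugin names and dates are constructed for illustration.

// Compare dotted versions numerically, so "4.10" > "4.9" and "4.1" < "4.1.1".
function compareVersions(a, b) {
  const pa = String(a).split(".").map((p) => parseInt(p, 10) || 0);
  const pb = String(b).split(".").map((p) => parseInt(p, 10) || 0);
  for (let i = 0; i < Math.max(pa.length, pb.length); i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d < 0 ? -1 : 1;
  }
  return 0;
}

const DAY_MS = 24 * 60 * 60 * 1000;

// Apply both checks to one plugin record and collect the reasons it fails.
function auditPlugin(plugin, currentWp, today, maxAgeDays = 365) {
  const findings = [];

  // Check 1: has the plugin been tested against the version the site runs?
  if (!plugin.testedUpTo) {
    findings.push("no tested-up-to version declared");
  } else if (compareVersions(plugin.testedUpTo, currentWp) < 0) {
    findings.push(`tested up to ${plugin.testedUpTo}, site runs ${currentWp}`);
  }

  // Check 2: is the last update older than the allowed age?
  const ageDays = Math.floor((today - new Date(plugin.lastUpdated)) / DAY_MS);
  if (Number.isNaN(ageDays)) {
    findings.push("last-updated date missing or unparseable");
  } else if (ageDays > maxAgeDays) {
    findings.push(`last updated ${ageDays} days ago`);
  }

  return { name: plugin.name, ok: findings.length === 0, findings };
}

function auditInventory(plugins, currentWp, today) {
  return plugins.map((p) => auditPlugin(p, currentWp, today));
}

// Constructed inventory: one healthy plugin and three that need a closer look.
const SAMPLE_PLUGINS = [
  { name: "example-slider",  testedUpTo: "4.1.1", lastUpdated: "2015-02-20" },
  { name: "example-gallery", testedUpTo: "3.9",   lastUpdated: "2013-11-05" },
  { name: "example-forms",   testedUpTo: "4.1",   lastUpdated: "2014-12-20" },
  { name: "example-widget",  testedUpTo: "4.2" }, // no update date recorded
];

for (const r of auditInventory(SAMPLE_PLUGINS, "4.1.1", new Date("2015-03-01"))) {
  console.log(r.ok ? "OK   " : "CHECK", r.name, r.findings.join("; "));
}
```

A plugin that fails either check is also one that may no longer receive security fixes, so flagged entries are candidates for replacement or removal rather than just compatibility testing.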

How to Install a WordPress Plugin

There are two ways to install a WordPress plugin using the WordPress dashboard:

  1. Search for a plugin and install the one you want to use, and
  2. Upload a .zip file containing the plugin and install it once it’s ready.

Search for a Plugin and Install the One You Want to Use

Here are the steps to follow:

  1. Log in to your WordPress dashboard and click “Plugins” in the left column:

  2. Click on “Add New” under “Plugins” in the left column to be taken to the “Add Plugins” screen:

Here, you can begin your search for plugins using the first of three methods. Using the links at the top, you can look for “Featured”, “Popular”, “Recommended” and “Favorites” plugins. This is the best way to search if you want to explore what’s out there for you to use for your own site.

  3. If you know the name of a plugin you want or some keywords for what the type of plugin you want does (e.g. social sharing, image slider), the second way to search is the search field on the top right of the “Add Plugins” screen:

This image also shows the “More Details” link that we’ll talk about in step 5.

  4. The third and final way to search for a plugin is to use the tags at the bottom of the “Add Plugins” screen. This method combines the exploring of the first search method with the refinement of the second search method:

  5. When you want to take a closer look at a plugin, click the “More Details” link (as shown in the image under step 3 above) and you’ll get this pop-up details screen:

Note the tabs along the top (under the red image). Here’s where you can learn all about the plugin as well as see screenshots of the plugin in action.

If you’re ready to install this plugin, click the blue “Install Now” button on the bottom left of the details screen.

  6. Once the install is complete, you’ll see the following screen:

It is possible to install a plugin without activating it (e.g. you install a new plugin but want to minimize the impact if something goes wrong when you activate it so you don’t activate it until the weekend when your website traffic is lower), which is why you see the choice to activate the plugin above. Let’s say we’re ready to forge ahead and click the “Activate Plugin” link.

  7. And your plugin is installed! Congrats! To start using your plugin, look for its menu link in one of three places:
  • The left column,
  • Under the “Plugins” menu, or
  • Under the “Tools” menu as shown in this example:


Upload a Zip File Containing the Plugin and Install It Once It’s Ready

Often, a WordPress plugin will have a free version with basic functionality and a premium version with expanded features.

When you purchase a premium plugin, you typically receive a .zip file containing the plugin. Use this approach to install your new plugin:

  1. Download the plugin according to the developer’s instructions. You can also download any of the free plugins on wordpress.org if you want to use this install method as opposed to the one above. In that case, each plugin has a button like the one shown below:


  2. Once you click the download button, you’ll see a pop-up like this:

Choose to save the file and then click “OK”:

  3. Next you’ll need to tell your browser where you want the file saved to. Make sure you select a spot that you’ll remember.

Note: if you don’t see a screen like the one below, your file was saved to your “Downloads” directory automatically so look for it there.

  4. Now that you have the plugin .zip file downloaded, it’s time to upload it to your site using the WordPress dashboard.

Head on over to the “Add Plugins” screen and click the “Upload Plugin” button as shown below:

  5. On the next screen, click the “Browse” button:

  6. Then, in the window that pops up, find the plugin’s .zip file, click on it and then click the “Open” button:

  7. Now that you’ve told WordPress which file to upload, click the “Install Now” button to begin:

  8. And finally, we’re back at this screen. Head on back to the “Search for a Plugin and Install the One You Want to Use” section and pick up from step 6 to finish up. Congrats! You’ve installed a WordPress plugin for your site.

[“Source-smallbiztrends”]

Reason 9.5 users can download Waves’ AudioTrack plugin for free

To celebrate the fact that Reason now supports VST plugins, Waves is giving users of Propellerhead’s DAW the opportunity to download its AudioTrack processor, which offers EQ, compression and gating, for free.

Said to offer an intuitive and easy-to-use interface, Reason 9.5 users can download AudioTrack for nothing until 31 July 2017, after which the price will rise to €25.

“We’re thrilled to work with Propellerhead as they embrace the world of VST plugins,” said Udi Henis, Waves International Marketing Manager. “Musicians love Reason’s unique workflow, and we’re excited for our customers to find new ways to use Waves plugins within Reason’s modular environment.”

“With VST support in Reason 9.5, we’re excited to work with Waves and offer Reason 9.5 owners AudioTrack for free,” said Mats Karlöf, Propellerhead Product Manager.

AudioTrack is available now from the Propellerhead Shop.

[“Source-musicradar”]

View plugin content without plugins with the NoPlugin browser extension


NoPlugin is a browser add-on for Chrome, Firefox, and Opera created to fix web content that requires plugins on the web.

The future is HTML5…

Plugins won’t be around for much longer because major developers have announced that traditional plugins won’t be part of their future browser efforts. The web is headed to an HTML5 future and plugins will become just a memory. On the other hand, Flash will keep sticking around for a while longer and depending on the browser you’re using, other plugins outside of Flash-based ones may not work anymore.

…but some sites still require plugins

Removing support for plugins will impact UX and even if browsers do not support plugins, many sites still need them for their content. If you reach this kind of website and you’re using a modern browser, you will most likely get an error message.

The fact that browsers stop supporting plugins will make site content unavailable. There are already many websites that are using HTML5 for their content, but unfortunately, some sites will never get to be updated or maintained due to various reasons including the operator’s lack of investment.

Meet the NoPlugin extension

NoPlugin is a solution to all of the above. It’s a cross-browser, open-source extension that works by scanning web pages for plugin content and is limited to media content. Depending on a particular website’s content, the extension might react in two ways:

  1. If the browser can play the site’s content without plugins, the embedded content will be replaced with an HTML5 player and the content will be played straight in the browser.
  2. If the browser cannot play the content, the user gets a download option and the content can be downloaded to the user’s local system and played with a local player.

The extension can play mp3, mp4, m4a, and wav files straight in the browser. It’s also good to know that other media content won’t play directly, but you’ll get the option of downloading it on your system.


[“Source-ndtv”]

Google Sends New Round of Outdated Plugin Warnings

Revolution Slider was the reason why hundreds of thousands of WordPress blogs were exploited by hackers back in 2014.  And one of the problems was that this plugin came as part of a WordPress theme bundle, and so they weren’t installed individually for site owners to update the plugins via the WordPress plugin dashboard.

Previously, Google has sent out update reminders to site owners using various plugins as well as outdated versions of WordPress and Joomla.  It isn’t known if this latest round is just for the Revolution Slider plugin but there are many plugins out there that are exploitable by hackers if they are not updated or removed.

It is also a reminder that site owners should always ensure their CMS as well as plugins are up-to-date.  There have been many issues of exploits with popular plugins including ones by Yoast, Shareaholic, WP Super Cache, and more.

This isn’t a manual action. However, if the site does get hacked, Google can flag the site in the search results as being hacked or unsafe, and can remove it until the problem is resolved.

Don’t forget that if you have been hacked with this plugin, simply updating the plugin will not remove the hacked content.  You will still need to remove the hacked content separately.

[Source:-The Sem Post]

How to add cloud functionality to your WordPress site with an easy to use plugin

One reason I always recommend WordPress for more than just blogs is its flexibility. With WordPress you can create sites centered around blogging, services, e-commerce, community, and so much more. Plus, with the help of a massive repository of plugins, WordPress can be expanded into almost any type of site.

If you use WordPress as either a community or a client-based website, you’ll be interested to know about a cloud-centric plugin called WP Cloud that enables users to:

  • Upload and view files
  • View assigned cloud space
  • View cloud space used


At the moment, the plugin is limited in what it can do, and it doesn’t have an associated mobile plugin yet, but what it does offer goes a long way to extend the built-in features for users.

A word of warning about WP Cloud: The development has come to a standstill over the last two years. Even with that in mind, it’s a solid solution if you want to allow your users a bit of cloud space on your WordPress site. Hopefully, with a bit of prodding, the developer will resume working on it again, or open source the code so it can be continued by another developer.

Let’s install and use WP Cloud. I am assuming you have access to the admin section of your WordPress site.


Installing WP Cloud

The installation of WP Cloud is as simple as installing any other WordPress plugin.

  1. Log into your WordPress site as the administrator or as a user that has admin permissions.
  2. Click Plugins | Add New from the left navigation.
  3. In the Search Plugins box, type WP Cloud and hit Enter on your keyboard.
  4. Click the Install Now button associated with the WP Cloud plugin.
  5. Once the installation completes, click the Activate button.

Using WP Cloud

The WP Cloud plugin is now available for your users. Each user has to point their browser to http://SITE_URL/cloud (SITE_URL is the actual domain or IP address of your WordPress site). Each logged in user will be presented with their cloud space on the site. Note: Users have to be registered and logged into the site to use the WP Cloud plugin.

Before opening the floodgates to users, you might want to take care of a little housekeeping first. If you go to Cloud | Settings, you can set a user quota for the plugin—this is especially important when you’re limited on server storage space. This is an all-or-none quota, which means you cannot set different quotas for different users. There are really only two options:

  • 0 = cloud hosting disabled
  • X = any positive number (in megabytes) will enable hosting and set the quota to that number

There is also a setting called “overlaps” (which is described as Overload in the documentation) that allows you to set a percentage that will—once it’s reached—prevent a user from uploading a file. The description, according to the developer, is:

  • 9 of 10 MB used. Overload 10%. File to upload: 2MB. -> YES
  • 9 of 10 MB used. Overload 0%. File to upload: 2MB. -> NO
  • 10 of 10MB used. Overload 10%. File to upload: 1MB. -> NO
  • 9.99 of 10MB used. Overload 10%. File to upload: 1MB. -> YES

This allows you to prevent users from uploading files when they are close to their quota. You set the overlaps in percentage from 0-100.

When you have the quota and overlaps settings ready, you can point users to the cloud link for your site. When a registered/logged in user goes to the cloud URL, they will be greeted by a simple page that allows them to upload, view, and delete their files (Figure B). The user will also see the percentage of space used in their cloud storage.

Shortcodes

The developer has enabled shortcodes so you can add custom pages that include WP Cloud options. The available shortcodes are:

  • [cloud] prints a list of files for the current user
  • [cloud_show id="0"] prints a list of files of the given user id
  • [cloud_upload] prints a simple upload form that allows the current user to upload a file in his/her directory
  • [cloud_send] prints a simple upload form that allows the current user to upload a file to another user directory by specifying login_name or email

Here’s hoping for more

WP Cloud is a handy plugin to add to various types of WordPress sites. Although WP Cloud is limited in features, it makes up for it in ease of use.

My hope is that the developer will either return to work on the plugin or allow someone to fork it so that it can expand its feature set. Even as it is now, WP Cloud is a worthwhile addition to WordPress.

[Source:-Tech Republic]

How a popular website plugin became a serious security liability


For the vast majority of people in 2017, creating a website is simply a matter of combining a number of off-the-shelf components until they end up with something that does what they want it to.

Anyone wanting to create an online shop could just hack together WordPress and Shopify. There are a plethora of affordable plugins and tools that allow you to turn a barebones blog into a fully-featured social network – like Peepso – or a YouTube-style video sharing site.

Now is a great time to have lofty aspirations, but lack any sort of technical prowess whatsoever.

But there’s a big problem with this approach. Whenever you use someone’s code, you’re essentially making a big leap of faith that they know what they’re doing. There’s always a possibility that any plugin or tool you use comes with a serious security vulnerability. That was certainly the case with the popular (and self-explanatory) HTML Comment Box plugin, which is used by around 2 million blogs and websites.

Stored XSS: An Explainer

Karim Rahal, a brilliant 14-year-old security researcher and ethical hacker from Lebanon, discovered the stored XSS (cross-site scripting) vulnerability in the plugin. Before we delve into how he did it, it’s probably a good idea to explain what Stored XSS is.

Many websites let you upload your own text-based content. This could be anything – from an entry in a guestbook, to an insightful comment on a blog post.

Now, what if the text you added was actually a piece of malicious code that got stored and rendered to anyone who visited the website from that point on? That’s called stored XSS.

Most competent web developers know how to filter it. The problem is, there are a myriad of ways in which you can obfuscate XSS attacks so that they slip past any filters, and it’s extremely hard to account for all of them.

That’s essentially how Karim was able to compromise the HTML Comment Box plugin. He embedded a small JavaScript proof-of-concept within an IMG tag, and then concealed that with what’s known as an “Extraneous open brackets” payload. This is a technique he learned from his friend, fellow teenaged security researcher Ibram Marzouk, who discovered a similar vulnerability in PasteCoin a few months earlier.

This was the code he used. It doesn’t look like much. Indeed, it doesn’t do much. When executed, it merely forces the browser to create an alert pop-up that says ‘1’. But it was able to bypass all the XSS protections the developers had created.

Credit: Karim Rahal

In the wrong hands, it could be used to spread malware, either through drive-by download attacks, or by redirecting people to malicious websites.
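The filtering problem described above, as an added example (not the HTML Comment Box code and not the researcher's actual payload): a tag blocklist that misses markup preceded by an extra open bracket, next to output encoding that neutralises the same input. The blocklist, the function names and the sample comment are constructed for illustration.

```javascript
// Added example; not code from HTML Comment Box or from the article.
// The blocklist, function names and sample comment are constructed.

const BLOCKED_TAGS = new Set(["script", "img", "iframe", "object", "embed", "svg"]);

// Weak approach: find "<...>" spans, read the tag name, drop blocked tags.
// A span whose name cannot be parsed is assumed to be harmless text.
function blocklistFilter(comment) {
  return comment.replace(/<([^>]*)>/g, (whole, inner) => {
    const m = /^\/?\s*([a-z][a-z0-9]*)/i.exec(inner);
    if (!m) return whole; // "not a tag" -> kept verbatim
    return BLOCKED_TAGS.has(m[1].toLowerCase()) ? "" : whole;
  });
}

// Robust approach: keep the comment as submitted and encode it for the
// HTML text context at render time, so no input can open a tag.
const HTML_ENTITIES = {
  "&": "&amp;",
  "<": "&lt;",
  ">": "&gt;",
  '"': "&quot;",
  "'": "&#39;",
};

function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

function renderComment(author, body) {
  return `<div class="comment"><b>${escapeHtml(author)}</b>: ${escapeHtml(body)}</div>`;
}

// Rough check used only by this demo: would an HTML parser see a tag open?
function hasTagOpen(html) {
  return /<[a-z\/!?]/i.test(html);
}

// Constructed samples: a plain tag, and the same tag with one extra "<".
const PLAIN_TAG = "<img src=x onerror=alert(1)>";
const EXTRA_BRACKET = "<" + PLAIN_TAG;

// The blocklist removes the plain tag but treats "<<img ..." as text,
// because the span it matched starts with "<" instead of a tag name.
console.log("blocklist, plain tag    :", JSON.stringify(blocklistFilter(PLAIN_TAG)));
console.log("blocklist, extra bracket:", JSON.stringify(blocklistFilter(EXTRA_BRACKET)));
console.log("tag survives blocklist  :", hasTagOpen(blocklistFilter(EXTRA_BRACKET)));

// Encoding does not need to recognise the trick: every "<" becomes "&lt;".
console.log("escaped                 :", escapeHtml(EXTRA_BRACKET));
console.log("tag survives escaping   :", hasTagOpen(escapeHtml(EXTRA_BRACKET)));
```

Encoding at output depends only on the context the text is written into, which is why it holds up against obfuscations the filter author never anticipated.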

Communicating the vulnerability

Getting in touch with the developers was harder than Karim expected. But thanks to an ongoing relationship he has with Swedish security giant Detectify Labs, they were able to help.

Karim explained: “About two months ago I was invited to Detectify’s Crowdsource program, which is a program where hackers contribute to their scanner with known vulnerabilities and in return they get paid. Through the Detectify Crowdsource program I reported the HTML Comment Box vulnerability stating that I wasn’t able to find the developer’s contact info. After some research from their side, they were able to find the developer’s email address.”

All things said, the developers of HTML Comment Box were pretty sanguine about their cherished plugin getting pwned by someone still in high school. Karim let them know about the vulnerability on November 30, 2016. By December 1, the vendors had created and issued a fix.

Upon reflection, Karim has some pretty strong advice for anyone using any form of CMS system: “If you fully want to be secure then you shouldn’t be using external plugins.” If that’s unavoidable, you should also ensure that auto-update is enabled.

At the very least, this episode is a reminder of the dangers inherent in relying on other people’s code.

Stored XSS-ing Millions Of Sites Through HTML Comment Box on Detectify

[Source:-TNW]

Adobe is forcing people to install a Chrome Plugin with its latest Reader update

This week Adobe pushed out a series of crucial security fixes to its PDF reader. Alongside the updates, the software firm appears to have installed an extra plugin onto the computers of customers.

According to numerous unconnected individuals on Twitter, the latest Adobe Reader update prompts people to install a Google Chrome Plugin.

The Adobe Acrobat and Reader updates (15.023.20053) are part of a release designed to fix a flaw that could let hackers take “control of the affected system”. But when you install this security fix, the Adobe Acrobat plugin is automatically added to your browser.

“It auto-installed,” security expert Troy Hunt told WIRED. “I literally walked up to my PC and the prompt was already there.”

When enabling or downloading the Chrome Plugin, people are required to grant it three specific permissions next time they open Chrome: to “read and change all your data on the websites you visit”, “manage your downloads”, and “communicate with cooperating native applications”. The plugin is intended to let users easily convert websites into PDFs. It should be noted that you can choose not to enable the plugin, and you don’t have to hand over permissions to Adobe in order for the bug fixes to take effect. This technique of auto-installing plugins is typically used by hackers to get access to people’s computers. Although this Adobe plugin appears to be from a legitimate source, it’s concerning that a company dogged with security issues should use such a tactic.

WIRED has contacted Adobe for comment on the auto-install but the firm had not responded at the point of publication.

Adobe, in support documentation, issued alongside the plugin, says URL data is not collected for the company. “This [permission] is required to allow the extension to convert HTML content to PDF,” Adobe says. “However, the URL information is not sent back to Adobe.”

Hunt added: “I suspect Adobe is attempting to take a slice out of the native in-browser PDF viewers, but this certainly felt a bit too bullish.”

The firm continued that the information collected only includes the browser type and version, Adobe desktop production information, and data on how menu options or buttons are selected. It does not include personal information that could be used to identify a person, for example. Adobe claims that it details how it uses that information in its privacy policy.

The Adobe security updates were introduced to stop potential hackers from accessing computers remotely and installing malware. Across Adobe Reader, Acrobat and Flash Player there were 42 fixes for known problems.

[Source:-Wired]

TALES OF WORDPRESS PLUGIN INSECURITY OVERBLOWN, RESEARCHERS SAY

The insecurity of WordPress plugins has been well documented, especially over the last year, but in the grand scheme of things, it’s not as bad as it seems, experts claim.

Hendrik Buchwald, a researcher and cofounder of RIPS, a German firm that performs static source code analysis, recently combed through tens of thousands of WordPress plugins to see just how vulnerable they are. As part of their investigation, the company used a tool to search for vulnerabilities in PHP scripts. It downloaded all 47,959 official plugins from WordPress’ repository and reviewed each plugin that had at least one PHP file, roughly 44,705 plugins. Buchwald said that from there, researchers with the firm looked at larger plugins – plugins with more than 500 lines of code – about 10,523 in all. About half of the plugins – 4,559, or 43 percent – had at least one medium-severity security issue.

That figure, while alarming, is somewhat misleading, however, according to a write-up on the analysis that Buchwald posted on Wednesday.

“There are lot of attacks on WordPress sites, but one of the main reasons for this is the large amount of sites running WordPress,” said Buchwald. “Percentage-wise the amount of vulnerabilities is not as bad as often assumed, but it is far from good.”

The vulnerabilities aren’t evenly distributed across the plugins. After cross-referencing the number of plugins with no issues, low, medium, and critical severity issues, he found that the “vast majority of plugins” didn’t have vulnerabilities at all. Those that did, however, likely had a surplus of vulnerabilities, he claims. The more lines of code a plugin had, the more likely it was to fall into that latter camp. According to the research, plugins with fewer than 1,000 lines of code had next to zero vulnerabilities. While a large percentage of the internet’s sites may be built on WordPress, RIPS’ research suggests only a small percentage of the plugins used on those sites contain vulnerabilities.

“WordPress is not as insecure as its reputation would suggest,” Buchwald said Wednesday. “Rather it is a top target due to its incredible prevalence. While many plugins do not contain vulnerabilities at all because of its small size, the ones that do have issues, have a lot of them. The more lines of code a plugin has, the more vulnerabilities it has on average.”

The report drills down on the security of two plugins in particular: a WordPress firewall plugin, All In One WP Security & Firewall, and a podcast management tool, Podlove Publisher. All In One WP Security & Firewall, which has 400,000-plus installs, could have allowed an attacker, assuming they had access to the admin panel, to make read-only files writable. A cross-site scripting vulnerability also existed in the plugin. Podlove Publisher, which has far fewer installs, 2,000-plus, meanwhile suffered from multiple SQL injections and a cross-site scripting vulnerability.

Researchers surveyed a handful of popular WordPress e-commerce plugins about a month ago, shortly before Black Friday, and found that four of the top 12 contained severe vulnerabilities. While the researchers behind that analysis declined to name the vulnerable plugins, they did warn that the bugs were tied to reflected cross-site scripting, SQL injection, and file manipulation flaws. RIPS’ research echoes those findings. Nearly 70 percent of the vulnerabilities it uncovered were cross-site scripting flaws; the second most common were SQL injections.

Like death and taxes, vulnerabilities in WordPress plugins have become a near certainty. Upwards of 75 million websites depend on WordPress and some of the more popular plugins boast more than 1 million active installs. In the past several years vulnerabilities that can allow for site takeover, the bypass of two-factor authentication, and the theft of password hashes and other database information have surfaced.

[Source:-Threat Post]