WordPress.org

Welcome to the official blog for the WordPress Support team.

Need help with a WordPress issue? You can find help with your WordPress problem by posting in the support forums or asking on the #wordpress IRC channel.

Want to get involved?

Answering a question in the support forums or on IRC is one of the easiest ways to get started. Everyone knows the answer to something!

We have a detailed handbook to help contributors learn how to work with the forums and IRC.

Weekly Meetings

As well as discussing support issues here on the blog, we use Slack for group communication.

Our weekly meeting is held every Thursday 17:00 UTC, with the first meeting of the month being office hours, and the next will be at Thursday, 17:00 UTC (your time zone) in #forums on SlackSlack Slack is a Collaborative Group Chat Platform https://slack.com/. The WordPress community has its own Slack Channel at https://make.wordpress.org/chat/..

Home / Support Handbook / Appendix / Breakfix Lessons / Review an intentionally vulnerable plugin

Review an intentionally vulnerable plugin

This was originally posted on WordPress Make/Plugins

Imagine that another pluginPlugin A plugin is a piece of software containing a group of functions that can be added to a WordPress website. They can extend functionality or add new features to your WordPress websites. WordPress plugins are written in the PHP programming language and integrate seamlessly with WordPress. These can be free in the WordPress.org Plugin Directory https://wordpress.org/plugins/ or can be cost-based plugin from a third-party author has asked you to look at a plugin that is currently in development to check for security flaws and help them fix any that are present. Would you know what to look for and how to fix the problems? Well, a fun challenge has arrived that will test, and hopefully improve, your knowledge in this crucial area of plugin development. I have developed a small, bug ridden plugin that requires a rigorous security review and suggestions for fixes.

The code is available from https://gist.github.com/joncave/5348689

This is an incomplete plugin that aims to log any failed login attempts. Unfortunately, it actually harms the security of a site rather than enhancing it. All of the interesting parts are in vulnerable.php, so you should focus your review there. Please remember not to run this plugin on any server that is accessible to the internet!

If you spot a vulnerability whilst reviewing the code then make a note of the problem, where it’s located and what the problem is. Then come up with a patch that would solve the problem. It might also be beneficial to create a request that would demonstrate the vulnerability which can then be used to test your fix. I hope that this process will help you understand more about vulnerabilities, what sorts of things to look for when reviewing your own code, how to go about coding securely, and how to fix any problems in your own plugins if a flaw is found.

[…]

Bonus challenge: with access to a subscriber level account can you find any ways of extracting the data from an option named secret_option?

You can also download the plugin here: ~~dvp.zip Damn Vulnerable Plugin~~

DO NOT RUN THIS ON YOUR OWN SITE

Last updated: July 18, 2019

s: search
c: compose new post
r: reply
e: edit
t: go to top
j: go to the next post or comment
k: go to the previous post or comment
o: toggle comment visibility
esc: cancel edit post or comment