While we already are far ahead of other companies in keeping up with vulnerabilities in WordPress plugins (amazingly that isn’t an exaggeration), in looking in to how we could get even better we noticed that in a recent instance were a vulnerability was exploited in a plugin, we probably could have warned our customers about the vulnerability even sooner if we had looked at the plugin when it was first closed on the Plugin Directory instead of when the vulnerability was fixed (though as far as we are aware the exploitation started after we had warned our customers of the fix). So we are now monitoring to see if any of the 1,000 most popular plugins are closed on the Plugin Directory and then seeing if it looks like that was due to a vulnerability.

This week three of those plugins were closed and none of them have been reopened. If you were a customer of our service you could have already been warned if you were using either of the two we found contain security vulnerabilities.

Instagram Feed by 10Web (10Web Social Feed for Instagram)

The plugin Instagram Feed by 10Web (10Web Social Feed for Instagram), which has 80,000+ installs, was closed last Friday. The plugin appears to have been closed due to the name. It also is insecure.

10Web Social Feed

The plugin Instagram 10Web Social Feed, which has 40,000+ installs, was closed last Friday.  In a quick check over the plugin we didn’t see any obvious serious security issues in it.

Maintenance

The plugin Instagram Maintenance, which has 400,000+ installs, was closed on Wednesday. The plugin was apparently closed due to an issue that really wasn’t an issue.  We found that it contains a security vulnerability and looks to contain additional security issues.

---

Need Continued Support for a Closed Plugin?

Does your website depend on a WordPress plugin that is no longer being supported by the original developer? With our Abandoned WordPress Plugin Maintenance Service, we can maintain the plugin for you, so you can safely use the plugin going forward.