1 Mar 2024

How Our Customers Helped Make WordPress Plugins More Secure, Week of March 1

Our customers give us the ability to help make WordPress plugins more secure, mostly the plugins they use, but to a lesser extent other plugins as well. That work often goes unmentioned, so we are highlighting it here to help explain what is going on and how signing up for our service can help expand that work.

Vulnerability Fixed in Finale Lite

A couple of weeks ago we noted that a vulnerability in a plugin being targeted by a hacker hadn’t been fully fixed. We also found that another plugin from the same developer was not fixed at all. This week that second plugin, Finale Lite, was fixed enough to stop exploitation. It still isn’t fully secured, though.

WooCommerce Issue with Security Fix Changelog Entries

For the second time recently that we are aware of, the changelog for WooCommerce will list a security issue as being addressed in a version later than the one in which it was actually addressed. The second issue involves a vulnerability, but it isn’t listed as a security fix at all. We brought this up with a member of the WooCommerce team who handles developer relations, and they are raising it with other members of the team, so hopefully the situation will improve.

Catching Partial Fix of Vulnerability in WP File Manager

Earlier this week WP File Manager, a plugin with 1+ million installs, partially fixed a vulnerability. You wouldn’t know from the changelog that a vulnerability was being fixed, as it reads only “Fixed Language issue.” Using machine learning, a form of artificial intelligence (AI), we were alerted that the changes made looked to be fixing a vulnerability. We found that fix to be incomplete. We notified the developer on Wednesday, but unfortunately the issue has yet to be addressed.
