Patchstack VDP Partner WPMU DEV Incompletely Fixed Privilege Escalation Vulnerability in Broken Link Checker
On Friday, WPMU DEV released a security update for the WordPress plugin Broken Link Checker that only partially fixes the issue. The changelog for the new version is “Fix: Patched a vulnerability issue.” There are a couple of problems with that. First, they didn’t set it, so the update is being offered to those already using the plugin or new users. Second, the fix was incomplete. Unsurprisingly, the developer is part of the Patchstack Vulnerability Disclosure Program, which signals that the developers are not handling security right and are not making sure issues are fully addressed.
...
This post provides insights on a vulnerability in a WordPress plugin not discovered by us, where the discoverer hadn't provided the details needed for us to confirm the vulnerability while we were adding it to the data set for our service, so the rest of its contents are limited to subscribers of our service.
If you were using our service, you would have already been warned about this vulnerability if your website is vulnerable due to it. You can try out our service for free and then see the rest of the details of the vulnerability.
For existing customers, please log in to your account to view the contents of the post.