Plugin Vulnerabilities Customers Helped Make WordPress Plugins More Secure, Week of June 6
Our customers provide us with the ability to help make WordPress plugins more secure, mostly plugins they use, but to a lesser extent other plugins as well. That work often goes unmentioned, so we are highlighting it here to help people better understand what is going on and how signing up for our service can help to expand that work.
Vulnerable Library Updated
Someone checked the plugin WP File Manager, which has 1+ million installs, through our Plugin Security Scorecard, and it flagged usage of an outdated and insecure third-party library. We then notified the developer of that, and they have now released a new version of the plugin to address it. You can check plugins you use through the Scorecard to see if they are using known insecure libraries.
Missing Security Checks
Based on our proactive monitoring flagging an issue in an update of the WpEvently plugin, which has 8,000+ installs, the developer addressed a lack of a capabilities check and nonce check that could have allowed an attacker to activate inactive plugins on the website. All plugins being used by our customers go through an extended version of that monitoring on a weekly basis.
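To illustrate the two checks the fix adds, here is an added example of a hypothetical admin-ajax handler that activates a plugin, shown first without and then with the checks. This is not WpEvently's code; the action name, nonce action, and function names are made up for the illustration.

```php
<?php
// Hypothetical handler, shown for contrast and deliberately NOT hooked.
// admin-ajax.php runs wp_ajax_* callbacks for every logged-in user, so
// without a capability check any low-privileged account can reach this,
// and without a nonce check a forged cross-site request (CSRF) can too.
function example_activate_plugin_unsafe() {
    $plugin = isset( $_POST['plugin'] ) ? wp_unslash( $_POST['plugin'] ) : '';
    $result = activate_plugin( $plugin ); // any installed plugin gets activated
    wp_send_json( is_wp_error( $result ) ? 'error' : 'activated' );
}

// Hardened form of the same handler. The page name is fabricated; the
// client would send the nonce created with wp_create_nonce( 'example_activate_plugin' ).
add_action( 'wp_ajax_example_activate_plugin', 'example_activate_plugin_safe' );
function example_activate_plugin_safe() {
    // 1. Nonce check: rejects requests not originating from our own page.
    //    check_ajax_referer() terminates the request with -1 on failure.
    check_ajax_referer( 'example_activate_plugin', 'nonce' );

    // 2. Capability check: only users WordPress already allows to activate
    //    plugins (administrators by default) may proceed.
    if ( ! current_user_can( 'activate_plugins' ) ) {
        wp_send_json_error( array( 'message' => 'Insufficient permissions.' ), 403 );
    }

    // 3. Validate the requested value against the installed plugin list
    //    instead of passing user input straight to activate_plugin().
    if ( ! function_exists( 'get_plugins' ) ) {
        require_once ABSPATH . 'wp-admin/includes/plugin.php';
    }
    $plugin    = isset( $_POST['plugin'] ) ? sanitize_text_field( wp_unslash( $_POST['plugin'] ) ) : '';
    $installed = get_plugins(); // keyed by "dir/file.php"
    if ( '' === $plugin || ! isset( $installed[ $plugin ] ) ) {
        wp_send_json_error( array( 'message' => 'Unknown plugin.' ), 400 );
    }

    $result = activate_plugin( $plugin ); // null on success, WP_Error on failure
    if ( is_wp_error( $result ) ) {
        wp_send_json_error( array( 'message' => $result->get_error_message() ), 500 );
    }
    wp_send_json_success( array( 'activated' => $plugin ) );
}
```

The order matters for defenders: the nonce check stops a victim administrator from being tricked into triggering the action, and the capability check stops an attacker who holds a low-privileged account from calling it directly.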