20 May 2016

How To Respond If Your Web Host Says Your Website Was Hacked Through A WordPress Plugin

One of the things we do to make sure we provide the best data on new vulnerabilities in WordPress plugins is to monitor the wordpress.org support forum for threads discussing those. In doing that, one of the things we have been seeing a lot of is people reporting that plugins have vulnerabilities based on claims made by web hosts. Most of those threads don’t end up having any impact and some end up being very unproductive.

If your web host is telling you that you were hacked through a WordPress plugin, here are things you should know and do: [Read more]

11 May 2016

How To Report a Vulnerability or Other Security Issue in a WordPress Plugin

While hopefully the Plugin Directory will improve the process of reporting vulnerabilities and other security issues in plugins soon, in the meantime people still need to be able to report them, and it’s clear that in many cases they don’t know how. So we put together this quick guide on doing that, based on our experience from reporting the vulnerabilities we have discovered as well as lots of other publicly disclosed security issues that no one bothered to report to a party that could get them resolved.

You have two major options for reporting the vulnerability: either contacting the developer of the plugin directly or contacting the Plugin Directory. [Read more]