In the past we recommended the data on vulnerabilities in WordPress plugins from the WPScan Vulnerability Database as a good free alternative to our service, as while the quality of data was much lower, it was available for the right price for a lot of websites. More recently things have gotten worse, without a workaround for those relying on their data, so if you need access to this type of data our service is really the only good option.

One problem we have long seen with their data is that they would claim vulnerabilities had been fixed when they hadn’t. In the past you could double check if the vulnerability was fixed with a proof of concept included in their data or linked to, but often that now isn’t possible. Take this entry from yesterday for the plugin Ads for WP. Here is the totality of the details: [Read more]