WordPress Plugin Directory Team Failing To Detect Easy to Spot Vulnerabilities
Last week we mentioned that we had found a couple of vulnerable WordPress plugins when we ran the ones also available in WordPress fork ClassicPress’ plugin directory through our Plugin Security Checker. One of those was promptly fixed after we notified the developer of the issue. With the other, AlertMe!, we haven’t received a response from the developer in over a week, so in line with our reasonable disclosure policy, we are disclosing the vulnerability.
Like the other vulnerability, this one has existed in the plugin since its first version, despite being easy to detect. The WordPress Plugin Directory Team could easily have systems in place to catch this type of issue and automatically warn developers about it. We have repeatedly offered to help them implement such a system, but, like our other attempts to help them improve their poor handling of security, this has met with no interest.