When it comes to the response from the security industry to the exploitation of a vulnerability in the WordPress plugin WP GDPR Compliance things keep getting worse. You would think that telling people to update the plugin after it was already widely exploited instead telling them truth they should be keeping their plugins up to date at all times (which would lessen the need for their services) or lying and telling people that your service covered them when it didn’t, would be bad enough. But while looking into something related to another possibility vulnerability that had been in that plugin we came across as post from the CEO, Claudio Salazar, of a security company we had not heard of before, Alertot, who claimed this about the other serious vulnerability that definitely had had been in the plugin:

We have been monitoring this plugin for some months because we discovered a serialization bug around May and added it to our private vulnerability database at alertot. [Read more]