20 Dec

You Are Not Going To get The Best Information on WordPress Plugin Vulnerabilities From Twitter

Last week we looked at an example of one of the problems with WordPress’ handling of security, that being websites using plugins that contain vulnerabilities in the latest version are left in the dark about the issue, even in the case of the vulnerability already being exploited, as was the case with this vulnerability in the plugin Delete All Comments (we also found that security plugins didn’t prevent it from being exploited). We were curious to see what others were saying about the issue, so we took a look on Twitter and results were a reminder that you are not going to get the best information there.

[Read more]