It’s a bit of a concern when a developer isn’t disclosing in the changelog that they have fixed a vulnerability in their plugin, especially if they had already disclosed it. That is just what happened with the latest version of Asset CleanUp, which has the following changelog entries:

…

[Read more]