18 Mar 2019

Vulnerability Details: SQL Injection in Better Search

We are always interested when automated tools are able to detect real vulnerabilities in WordPress plugins, so a recent post on the WordPress Support Forum got our attention, as it was claimed that Qualys had detected a SQL injection vulnerability in Better Search. Checking the proof of concept provided, we could see that the plugin did in fact have that vulnerability. Somewhat troublingly, the developer’s response so far has been the following:

