If you want the best information and therefore best protection against vulnerabilities in WordPress plugins we provide you that through our service.
Here is what we did to keep those are already using our service secure from WordPress plugin vulnerabilities during August (and what you have been missing out on if you haven’t signed up yet): [Read more]
While looking into a possible expansion of what we check during our security review of WordPress plugins chosen by our customers we found that the plugin Cherry Services List had an authenticated information disclosure vulnerability. That was caused by the fact that contributor and author level users could duplicate posts that they would not have been able to edit. That could for example, have allowed them to gain access to the contents of password protected posts.
The plugin makes the function duplicate_post_as_draft() available to anyone logged in through the admin_action action (in the file /admin/includes/class-cherry-services-meta.php): [Read more]