10 Jan

WordPress Plugin Developers Don’t Do a Good Job of Making Sure Their Plugins Are Free of Vulnerabilities They Know of

Our proactive monitoring of changes made to WordPress plugins, which tries to catch serious vulnerabilities when they are introduced into plugins, recently caught a good example of an ongoing problem we see with the developers of WordPress plugins: a failure to make sure that security vulnerabilities that have been in their plugins have been fully removed. In some cases that involves them fixing only one instance of a vulnerability in a plugin and not making sure that there are no others in the plugin. In others, like this situation, it involves not making sure that the vulnerability isn’t in their other plugins.
