Mandiant is a high-profile cybersecurity company, though considering how bad security is these days, being a high-profile company isn’t necessarily an indication of being good at security. Looking at a report from them of a claimed “stored Cross Site Scripting (XSS) vulnerability” (unusual capitalization is in the original) in the WordPress plugin Debug Meta Data you get a sense that they might not be good at security.

Under the Exploitability section of their report, they write this: [Read more]