15 Sep

CVSS Vulnerability Scores Provide Misleading Results for WordPress Plugin Vulnerabilities

We recently have been looking to see if there is additional data that we can add to our service that would be useful to our customers. So far that has resulted in us adding data on false reports of vulnerabilities to the results shown on the admin page of the service’s companion plugin. Another item that we have taken a look and decided not implement, but we thought was worth publicly discussing, is including vulnerability scores based on the popular common vulnerability scoring system (CVSS).

[Read more]