22 Nov 2021

Microsoft, Cyber Security Works, and Patchstack Don’t Understand a Basic Element of Security

Recently a security company we had not heard of before, named Cyber Security Works, released a report on a claimed stored cross-site scripting vulnerability that had been in the WordPress plugin Microsoft Clarity. The report is a mess.

They list the “affected vendor” as “WordPress 5.8.1”, while the actual vendor is Microsoft. [Read more]

6 Jan 2016

Ridiculous Vulnerability Report: NextGEN Gallery Cross site Scripting (XSS) Vulnerability

All too often we see that very serious security issues are not treated with the significance they should be. What doesn’t help that situation is when security companies and others in the security community take relatively minor issues and try to make them into something much larger than they actually are. Let’s take a look at an example that we came across the other day while reviewing new reports of vulnerabilities in WordPress plugins.

A company named Cyber Security Works put out a report claiming there is a “High” risk cross-site scripting vulnerability in the NextGEN Gallery plugin. The vulnerability report describes it as such: [Read more]