25 Jun 2019

Other Vulnerability Data Sources Miss That a Reflected XSS Vulnerability in Custom 404 Pro Hasn’t Been Fixed

Being warned about vulnerabilities in WordPress plugins you use isn’t much good if you are being told that vulnerabilities have been fixed when they haven’t. That is often a problem with data sources on vulnerabilities in WordPress plugins other than the one that underlies our service.

Yesterday an update to the plugin Custom 404 Pro had the changelog entry “Fix Reflected XSS”. In looking to see if the discoverer of that had put out a report, we found multiple places reporting that a vulnerability had been fixed. [Read more]

15 May 2019

Cybersecurity Help Putting Out Inaccurate Information on WordPress Plugin Vulnerabilities

One of the problems we have found with selling a service that provides data on vulnerabilities in WordPress plugins is how many entities are putting out free but highly inaccurate information on them, presented in a way that would indicate that they are professionals providing accurate information. If people believe they can get high quality data for free, it isn’t hard to believe they are going to be less inclined to pay for it, though for those that could afford and need accurate data, getting misled is a major downside of this for them as well as us. We just ran across another source providing vulnerability data on WordPress plugins, Cybersecurity Help, and the entry that led to us running across them while looking for something else shows what we have long seen.

If you look at their entry for a vulnerability in the plugin Register IPs, it looks professional: [Read more]