25 Jun

Other Vulnerability Data Sources Miss That a Reflected XSS Vulnerability in Custom 404 Pro Hasn’t Been Fixed

Being warned about vulnerabilities in WordPress plugins you use isn’t much good if you are being told that vulnerabilities have been fixed when it hasn’t. That is often a problem with data sources on vulnerabilities in WordPress plugins other than the one what underlies our service.

[Read more]

15 May

Cybersecurity Help Putting Out Inaccurate Information on WordPress Plugin Vulnerabilities

One of the problems we have found with selling a service that provides data on vulnerabilities on WordPress plugins is how many entities are out there that are putting out free, but highly inaccurate information on them, where they present things in a way that would indicate that they are professionals providing accurate information. If people believe they can get high quality data for free, it isn’t hard to believe they are going to be less inclined to pay for it, though for those that could afford and need accurate data, getting misled is major downside of this for them as well as us. We just ran across another source providing vulnerability data on WordPress plugins, Cybersecurity Help, and the entry that led to us running across them while looking for something else, shows what we have long seen.

[Read more]