Defender Pro WordPress Plugin Flags Harmless Code in Plugin While Missing Actual Vulnerability
The most recent version of the plugin WP-Stateless was flagged by monitoring we do for a couple of reasons, and in looking at those we got yet another reminder of the better results that come from us doing the work that others in the security space don't do, which leaves their customers at a large disadvantage (and if we had more customers it could lead to better results for everyone using WordPress).
One of the reasons it was flagged was our proactive monitoring of changes made to plugins in the Plugin Directory to try to catch serious vulnerabilities, which flagged possibly vulnerable code that led to us finding the plugin contains an authenticated remote code execution (RCE) vulnerability. [Read more]