27 Aug 2019

Our Plugin Security Caught the Reflected XSS Vulnerability Missed in Easy Registration Forms

The changelog for the latest version of Easy Registration Forms reads “Security improvement.” When we looked at the changes made in that version to see if there was a vulnerability we should be adding to the data set for our service, what we saw was that the insecure code being changed should have been flagged by our Plugin Security Checker, an automated tool that can identify some possible issues in WordPress plugins, if someone had run the plugin through it. In comparing the results of the tool for the previous version of the plugin against the changes made, we found that only two of the three instances of the insecure code flagged by the tool had been fixed. One possible explanation is that the developer was inadvertently fixing a vulnerability while making an unrelated security improvement.
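To show the kind of check an automated tool can make here, the following is an added example and not the Plugin Security Checker or any code from Easy Registration Forms. It is a deliberately simple line-based scanner, written in Python, that flags PHP output statements which echo request input without passing it through a WordPress escaping function; the PHP it scans is a constructed sample, and the function names, regular expressions and sample lines are all assumptions of this example. Like the situation described above, the sample contains three reflected-input sinks of which only one is fully fixed, so the scanner reports the two that remain.

```python
import re
from dataclasses import dataclass

# Request superglobals: anything read from these is attacker-controlled
# in a reflected XSS scenario.
TAINTED_SOURCE = re.compile(r"\$_(GET|POST|REQUEST|SERVER|COOKIE)\s*\[")

# Output sinks: echo/print statements and the <?= short echo tag.
SINK = re.compile(r"^\s*(echo|print)\b|<\?=")

# WordPress escaping/sanitising helpers whose single, non-nested argument
# we treat as neutralised for HTML output (names assumed for this example).
ESCAPED_CALL = re.compile(
    r"\b(esc_html|esc_attr|esc_url|esc_js|esc_textarea|wp_kses_post|wp_kses"
    r"|sanitize_text_field|absint|intval)\s*\(\s*[^()]*\)"
)


@dataclass
class Finding:
    line_no: int
    line: str
    reason: str


def check_php(source: str) -> list:
    """Return one Finding per output line that still contains unescaped request input.

    Escaped calls are blanked out first, so a line that escapes one value but
    concatenates another raw value is still reported (the partially fixed case).
    A real tool would track data flow across assignments; this does not.
    """
    findings = []
    for line_no, line in enumerate(source.splitlines(), start=1):
        if not SINK.search(line):
            continue
        stripped = ESCAPED_CALL.sub("", line)
        if TAINTED_SOURCE.search(stripped):
            findings.append(
                Finding(line_no, line.strip(), "request input echoed without escaping")
            )
    return findings


# Constructed sample PHP, not code from any real plugin.
SAMPLE_PHP = """<?php
// constructed sample for the scanner
$name = $_GET['name'];
echo '<h1>Hello ' . esc_html( $_GET['name'] ) . '</h1>';
echo '<input value="' . $_GET['name'] . '">';
echo '<p>' . esc_html( $_REQUEST['msg'] ) . ' ' . $_REQUEST['id'] . '</p>';
?>
"""


if __name__ == "__main__":
    for f in check_php(SAMPLE_PHP):
        print(f"line {f.line_no}: {f.reason}: {f.line}")
```

Line 4 of the sample is the fixed form (the value is wrapped in `esc_html()` before output) and is not reported; line 5 echoes the raw value into an attribute and line 6 escapes one value but not the other, so both are flagged. The blanking step is what makes the partially fixed line visible, which is the pattern to look for when a changelog claims a security fix but only some sinks were touched.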

With the developer mode of the Plugin Security Checker enabled this line of code is still flagged by the tool in the new version of the plugin: [Read more]