10 Feb 2016

False Vulnerability Report: eShop Reflected XSS Vulnerability

As part of cataloging the vulnerabilities in WordPress plugins for our service, we come across false reports of vulnerabilities from time to time. So that others don’t spend their time looking over these as well, we post our findings on them.

Last week a reflected cross-site scripting (XSS) vulnerability was claimed to be in the eShop plugin. In a sign that the claimed vulnerability was not properly reviewed before the report was published, the Exploit Code section of the report simply contains a vulnerability identifier instead of actual exploit code. If the discoverer had tried to create exploit code for the vulnerability they thought existed, they would have seen that it didn’t actually exist.