29 May

We Actually Test Out WordPress Plugin Vulnerabilities, So We Don’t Falsely Claim They are Fixed like the WPScan Vulnerability Database Does

Recently we have had a number of instances where developers of WordPress plugins incorrectly claimed that we had falsely claimed there was vulnerability in the most recent version of their plugins. Since we are well aware of what kind of problems that getting that wrong cause, we are very careful with what we do and say, so it would be very difficult for us to make a false claim like that. Others seemingly are not concerned about doing the same, so for example, another data source, the WPScan Vulnerability Database is claiming a vulnerability that had been in the plugin JTRT Responsive Tables hasn’t been fixed, despite that having been fixed before they even added it to their data set and despite it being fixed over a year and half ago. That is something we ran across recently in our monitoring of the WordPress Support Forum for information on vulnerabilities in plugins that our not already in the data set for our service.

[Read more]