17 Jul 2019

Our Plugin Security Checker Caught a Reflected XSS Vulnerability in Export User Data

Our Plugin Security Checker allows anyone to check for the possibility of some instances of security vulnerabilities in WordPress plugins. We have recently been making some improvements to its ability to detect the possibility of reflected cross-site scripting (XSS) vulnerabilities, which led to us checking over some of the code flagged recently by the tool for that issue to see how the changes have impacted the quality of the results. Through that we found that the plugin Export User Data, which has 20,000+ installs, contains that type of vulnerability.

Our tools flag this line of code in the plugin’s file export-user-data.php: