29 Jun

What Happened With WordPress Plugin Vulnerabilities in May 2018

If you want the best information and therefore best protection against vulnerabilities in WordPress plugins we provide you that through our service.

[Read more]

04 Jun

Vulnerability Details: Reflected Cross-Site Scripting (XSS) Vulnerability in Form Maker

This Vulnerability Details post about a vulnerability in the plugin Form Maker provides the details of a vulnerability we ran across while collecting data on vulnerabliities discovered by others for our data set on vulnerabilities in WordPress plugins, so its contents are limited to customers of our service. If you are not currently a customer, you can sign up for free here. There are a lot of other reason that you will want to sign up beyond access to posts like this one, including that you would have already been warned about this vulnerability if your website was vulnerable due to it.

[Read more]

02 May

Even Popular WordPress Plugins Not Getting Much Needed Cursory Security Checks

One of the ways we are very different from the other sources of vulnerability data on WordPress plugins that we are aware of, is that we actually review each reported vulnerability when preparing to add it to our data. That means that we can provide higher quality data than other sources, so you don’t get told among other things that an unfixed vulnerability has been fixed and don’t get warned about vulnerabilities that don’t exist as you do with other sources. That also means we have looked at numerous reports and we have seen the good and the bad of handling of security in WordPress plugins. Something we ran across recently managed to surprise us and is a good reminder that even popular plugins can have glaring security failures that are left in place for years.

[Read more]