If you want the best information, and therefore the best protection, against vulnerabilities in WordPress plugins, we provide that through our service.
While looking into what hackers might be targeting in the plugin Sharexy, we took a look at what appeared to be a related request to see if a file that had previously existed in the plugin Gallery by BestWebSoft was on our website. The file requested was /wp-content/plugins/gallery-plugin/upload/php.php, which has been claimed to have an arbitrary file upload vulnerability as of version 3.06, though at least by our definition that isn’t true, because the extensions of the files that could be uploaded through that file are limited.
Last Thursday we notified the developer of the plugin Contact Form by BestWebSoft of the results of our security review of their plugin (the plugin was chosen by our customer to receive a review from us). One of the issues we noticed was a reflected cross-site scripting (XSS) vulnerability, which we also found existed in 40 of their other plugins because the code that caused the vulnerability is shared among the plugins.