08 Jul

The WPScan Vulnerability Database Keeps Telling People That Unfixed Vulnerabilities Have Been Fixed

Repeating a frequent recent pattern, when we looked to see whether the discoverer of a vulnerability in a WordPress plugin had put out a report on it, we instead found a competing source of data on vulnerabilities in WordPress plugins, the WPScan Vulnerability Database, claiming the vulnerability had been fixed when it hadn’t. Compounding that problem, others repeated that claim, as they do with all of WPScan’s data, without disclosing where the data comes from or its well-known quality control issues. This instance is also a good example of how security providers continuously looking to improve what they are doing, instead of continually failing in the same way, helps to improve other parts of what they are doing.


06 May

What Plugin Vulnerabilities Was Up to in April

If you want the best information, and therefore the best protection, against vulnerabilities in WordPress plugins, we provide that through our service. Here is what we did to keep those already using our service secure from WordPress plugin vulnerabilities during April (and what you have been missing out on if you haven’t signed up yet).
