Outputting $_SERVER['PHP_SELF'] Without Escaping Isn't Safe for WordPress Plugins
One of the frustrating aspects of dealing with the security of WordPress plugins is that so often people seem to be unwilling to learn from their mistakes. The people running the Plugin Directory, for example, seem to be creating their own reality to avoid even acknowledging their mistakes. We work hard to avoid mistakes, but when they happen we are happy to learn from them and improve what we are doing.
We recently made a mistake. In looking into the possibility that a vulnerability had been fixed in a plugin, we got things wrong and wrote this: [Read more]