WordPress Hides Accurate Information on the Security of WordPress Plugins, While Highlighting Inaccurate Information
Part of the mess we have seen when it comes to what can and can’t be mentioned about the security of WordPress plugins on the WordPress Support Forum is that accurate information about the security of plugins is often removed, while inaccurate information is often left up. That creates a situation where there is an incorrect belief that secure plugins are insecure and that insecure plugins are secure.
As an example of that, a couple of years back we had responded to a topic on the Support Forum where a couple of people were wondering if what looked like probing for usage of the plugin JQuery Html5 File Upload was related to a vulnerability being exploited. We had responded that the likely cause of that was a false report of a vulnerability, of a type that was likely to be exploited, which had been released the week before. The original poster had thanked us for that information and then marked the topic resolved. Three months later our reply and the one just thanking us were deleted, with no reason given, which seems very odd.