1 Dec 2017

What Happened With WordPress Plugin Vulnerabilities in November 2017

If you want the best information, and therefore the best protection, against vulnerabilities in WordPress plugins, our service provides exactly that.

Here is what we did during November to keep those who are already using our service secure from WordPress plugin vulnerabilities (and what you have been missing out on if you haven’t signed up yet): [Read more]

6 Nov 2017

It’s a Good Idea to Directly Contact the Developers of Vulnerable WordPress Plugins

If WordPress eventually has leadership that doesn’t treat the real security issues with WordPress plugins as being “hypothetical” as they currently do, there is a lot that could be done to improve the situation. One area would be to look at ways to make it easier to inform developers of security issues in their plugins that are hosted on the wordpress.org Plugin Directory. As something that happened on Friday shows, getting directly in touch with the developer can make a big difference.

On Friday Lenon Leite disclosed an unfixed authenticated SQL injection vulnerability in the plugin JTRT Responsive Tables. About seven weeks earlier he had left a message about it on the wordpress.org Support Forum, and he had also submitted a pull request on the plugin’s GitHub page with a fix for it (using a prepared statement for the SQL statement in question would also be a good idea). [Read more]
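To show what "using a prepared statement" means in a WordPress plugin, here is an added example of the vulnerable pattern beside a hardened one. It is not code from JTRT Responsive Tables, from Lenon Leite’s pull request, or from the original post; it assumes it runs inside WordPress with the global $wpdb object loaded, and the function names, the example_tables table, the table_id request parameter, the nonce action and the manage_options capability are all hypothetical.

```php
<?php
// Added example, not code from JTRT Responsive Tables or from the original post.
// Assumes it runs inside WordPress, where the global $wpdb object is loaded.
// Function names, table name, request parameters, nonce action and the
// required capability are hypothetical.

// Vulnerable pattern: input from an authenticated user is concatenated into
// SQL. A value such as  1 OR 1=1  or  1 UNION SELECT ...  reaches MySQL
// unchanged, so the user controls the structure of the query.
function jtrt_example_get_table_vulnerable() {
    global $wpdb;
    $table_id = $_POST['table_id']; // untrusted, even from a logged-in user
    return $wpdb->get_row(
        "SELECT * FROM {$wpdb->prefix}example_tables WHERE id = " . $table_id
    );
}

// Hardened pattern: authorize the caller, coerce the input to its expected
// type, then let $wpdb->prepare() bind it. %d is bound as an integer and %s
// as a quoted, escaped string, so user input can only ever be a value.
function jtrt_example_get_table_hardened() {
    global $wpdb;

    // Authenticated does not mean authorized: require a capability the
    // feature genuinely needs (assumed here) and a nonce for the action.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions', '', array( 'response' => 403 ) );
    }
    check_admin_referer( 'jtrt_example_get_table' );

    // Coerce to the expected type before it goes anywhere near SQL.
    $table_id = isset( $_POST['table_id'] ) ? absint( $_POST['table_id'] ) : 0;
    if ( 0 === $table_id ) {
        return null;
    }

    $sql = $wpdb->prepare(
        "SELECT * FROM {$wpdb->prefix}example_tables WHERE id = %d",
        $table_id
    );
    return $wpdb->get_row( $sql );
}

// The same rule applies to string inputs: %s is quoted and escaped by
// prepare(). For LIKE patterns, escape the wildcard characters first so a
// user cannot widen the match with % or _.
function jtrt_example_search_tables( $needle ) {
    global $wpdb;
    $like = '%' . $wpdb->esc_like( $needle ) . '%';
    return $wpdb->get_results(
        $wpdb->prepare(
            "SELECT id, title FROM {$wpdb->prefix}example_tables WHERE title LIKE %s",
            $like
        )
    );
}
```

Two caveats a practitioner will hit: $wpdb->prepare() only binds values, so table and column names still come from code (here the site prefix is interpolated, which is safe because it is not user input), and prepare() expects at least one placeholder, so it is not a drop-in replacement for a query that takes no parameters. Casting with absint() alone would also close the integer case above, but the prepared statement is the pattern that keeps working when the next parameter turns out to be a string.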