11 Jan

Closures of Very Popular WordPress Plugins, Week of January 11

While we already are far ahead of other companies in keeping up with vulnerabilities in WordPress plugins (amazingly that isn’t an exaggeration), in looking in to how we could get even better we noticed that in a recent instance were a vulnerability was exploited in a plugin, we probably could have warned our customers about [Read more]

07 Jan

Our Plugin Security Checker Could Have Warned You About the Possibility of Vulnerabilities in a Couple of WordPress Plugins with 80,000 Installs

On Friday we noted in our post detailing a reflected cross-site scripting (XSS) vulnerability in the WordPress plugin Ninja Forms, which has 1+ million active installations according to wordpress.org, that our Plugin Security Checker,  which is a tool that allows anyone to see if there are possible security issues in WordPress plugins that could use further [Read more]

04 Jun

Trying To Determine If WordPress Plugins Are Being Exploited Is Harder When Hackers Do Odd Things

One of the things that we do to make sure our customer are getting the best protection against vulnerabilities in WordPress plugins is to do monitoring to try to spot when hackers are looking to exploit vulnerabilities in those plugins. In doing that we have found that other security companies that make extraordinary claims about [Read more]

16 May

Our Proactive Monitoring Caught a Newly Introduced Arbitrary File Upload Vulnerability in a Plugin with 50,000+ Active Installations

One of the ways we help to improve the security of WordPress plugins, not just for our customers, but for everyone using them, is the proactive monitoring of changes made to plugins in the Plugin Directory to try to catch serious vulnerabilities. That again has lead to us catching a vulnerability in a fairly popular plugin, [Read more]