Our Proactive Monitoring Caught an Arbitrary File Viewing Vulnerability Being Introduced in to a WordPress Plugin
One of the ways we help to improve the security of WordPress plugins, not just for our customers but for everyone using them, is the proactive monitoring of changes made to plugins in the Plugin Directory to try to catch serious vulnerabilities. That has led to us catching a vulnerability of a type that hackers are likely to exploit if they know about it being introduced into a plugin. The vulnerability is an arbitrary file viewing vulnerability, which hackers frequently try to exploit to gain access to the database credentials for WordPress websites, in the plugin Law Practice Management Software.
The possibility of this vulnerability is also flagged by our Plugin Security Checker, so you can use that tool to check whether plugins you use might have similar issues. It also flags many other instances of insecure code in the plugin, which is rather concerning as the plugin is intended to be used by lawyers.
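To show what this class of bug looks like in a WordPress plugin and how it is closed, the following is an added example, not code from Law Practice Management Software or from this post; the `LPM_UPLOAD_DIR` constant, the `lpm_` function names and the action name are hypothetical. It pairs the pattern that produces arbitrary file viewing with a hardened handler that only serves files from an allowlisted directory.

```php
<?php
// Added example (not the plugin's code). Hypothetical document directory.
define( 'LPM_UPLOAD_DIR', WP_CONTENT_DIR . '/uploads/lpm-documents' );

// Vulnerable pattern: the request parameter is concatenated into the path
// unchecked, so any file the web server can read, including wp-config.php
// with the database credentials, can be returned to an unauthenticated user.
function lpm_view_document_insecure() {
    $file = isset( $_GET['file'] ) ? $_GET['file'] : '';
    readfile( LPM_UPLOAD_DIR . '/' . $file );
    exit;
}

// Hardened pattern: require a logged-in user and a nonce, strip path
// components from the name, resolve the real path, and only serve files
// that resolved to a location inside the allowed directory.
function lpm_view_document_secure() {
    if ( ! current_user_can( 'read' ) ) {
        wp_die( 'Not allowed', '', array( 'response' => 403 ) );
    }
    check_admin_referer( 'lpm_view_document' );

    $base = realpath( LPM_UPLOAD_DIR );
    $name = isset( $_GET['file'] ) ? sanitize_file_name( wp_unslash( $_GET['file'] ) ) : '';
    $path = ( '' !== $name && false !== $base ) ? realpath( $base . '/' . $name ) : false;

    // realpath() collapses ../ and symlinks; the prefix check then rejects
    // anything that resolved outside the allowed directory.
    if ( false === $path || 0 !== strpos( $path, $base . DIRECTORY_SEPARATOR ) ) {
        wp_die( 'Invalid file', '', array( 'response' => 400 ) );
    }

    // Allowlist the document types the feature is meant to serve.
    $ext = strtolower( pathinfo( $path, PATHINFO_EXTENSION ) );
    if ( ! in_array( $ext, array( 'pdf', 'txt' ), true ) ) {
        wp_die( 'File type not permitted', '', array( 'response' => 400 ) );
    }

    header( 'Content-Type: application/octet-stream' );
    header( 'Content-Disposition: attachment; filename="' . basename( $path ) . '"' );
    readfile( $path );
    exit;
}
add_action( 'admin_post_lpm_view_document', 'lpm_view_document_secure' );
```

When reviewing a plugin update, the thing to look for is the first shape: a request value reaching `readfile()`, `file_get_contents()`, `include` or a download handler without a resolved-path check against a fixed base directory.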