One of the ways that we keep track of vulnerabilities in WordPress plugins is by monitoring what look attempts at hackers request for files in plugins on our websites and in some third-party data. One of the problems we have seen recently in others looking at similar data is that they don’t do proper due diligence before making claims based on that data. A couple of weeks ago we looked at how Wordfence was falsely making people think there has been a vulnerability in very popular plugin. While looking into some possibly malicious requests recently we found something similar happening with the much less popular plugin Libravatar Replace. A couple of days ago new thread was created for the plugin on the WordPress Support Forum that reads:

Hey, I do not use this plugin but my website was scanned by a UK IP trying to locate:
http://[redacted]/wp-content/plugins/libravatar-replace/libravatar-replace.php [Read more]