As part of cataloging the vulnerabilities in WordPress plugins for our service, we come across false reports of vulnerabilities from time to time. So that others don’t spend their time looking over these as well, we post our findings on them. The data on these false reports is also included in our service’s data.
There seem to be a variety of causes for false reports of vulnerabilities in WordPress plugins, including a lack of proper testing of possible vulnerabilities, intentional false reports, and, what seems to be the cause of a lot of them, the reporter not really understanding what the vulnerability would actually involve. No matter how obvious it is that they are false, these reports often get presented alongside legitimate reports, including in WordPress security plugins, as we were just discussing earlier today in connection with one plugin.