02 Mar

What Happened With WordPress Plugin Vulnerabilities in February 2018

If you want the best information and therefore best protection against vulnerabilities in WordPress plugins we provide you that through our service.

Here is what we did to keep those are already using our service secure from WordPress plugin vulnerabilities during February (and what you have been missing out on if you haven’t signed up yet): [Read more]

21 Nov

False Vulnerability Report: Cross Site Request Forgery / Cross Site Scripting in MailChimp for WordPress 4.0.7

As part of our cataloging the vulnerabilities in WordPress plugins for our service we come across false reports of vulnerabilities from time to time. So that others don’t spend their time looking over these as well, we post our findings on them. The data on these false reports is also included in our service’s data.

There seem to be a variety of causes for false reports of vulnerabilities in WordPress plugins, including lack of proper testing of possible vulnerabilities, intentional false reports, and what seems to be the cause of lot of them, the reporter not really understanding what the vulnerability would actually involve. No matter how obvious it is that they are false, these reports often get presented along side legitimate reports, that includes in WordPress security plugins, as we were just discussing when it comes to one plugin earlier today. [Read more]