While dealing with the cleanup of a hacked WordPress website recently we noticed that the plugin Comment Attachment was closed on the Plugin Directory last year for an unexplained “security issue”. We couldn’t find any public report that would explain the closure. In looking over the plugin we found that it contained a vulnerability that would allow anyone to delete media uploaded through it.

…

[Read more]