19 Sep 2017

Vulnerability Details: Media Editing Vulnerability in MediaPress

From time to time a vulnerability is fixed in a plugin without the discoverer putting out a report on it. When that happens, we put out a post detailing the vulnerability so that we can provide our customers with more complete information on it.

We sometimes see people complaining that the information needed to exploit a WordPress plugin vulnerability is included in a report on the vulnerability. There are good reasons to provide that, probably the most important being that we often find that the vulnerabilities haven’t actually been fixed. If it is easy to check things over, then it is more likely that the lack of a fix is going to be caught quickly and resolved. Another reason that providing that information is not all that harmful is that it is usually easy for someone who is knowledgeable about this type of thing to look at the changes made and work back to how it would be exploited. We do that all the time to test out claimed vulnerabilities before we add them to our data set.