25 Jun

Other Vulnerability Data Sources Miss That a Reflected XSS Vulnerability in Custom 404 Pro Hasn’t Been Fixed

Being warned about vulnerabilities in WordPress plugins you use isn’t much good if you are being told that vulnerabilities have been fixed when it hasn’t. That is often a problem with data sources on vulnerabilities in WordPress plugins other than the one what underlies our service.

[Read more]

15 May

Information Disclosure Vulnerability in FV Player (FV Flowplayer Video Player)

Earlier today we noted a security company putting out inaccurate information on vulnerabilities in a WordPress plugin. That isn’t uncommon, as while looking into who might have discovered a recent vulnerability we found NinTechNet suggesting updating the plugin, FV Player (FV Flowplayer Video Player), to version 7.3.13.727:

[Read more]