13 Jul

Planet Zuda and OptinMonster Handle Poor Security of OptinMonster API Plugin Extremely Badly

Through the various things we do as part of our service, we have a fair amount of interaction with people making claims about vulnerabilities in WordPress plugins and with the developers of WordPress plugins with vulnerabilities. From doing that, we don’t currently have a very positive view of either side, which shouldn’t be all that surprising considering the poor state of security of WordPress plugins and of security in general. As an example of what that looks like, let’s take a look at a recent claim by Planet Zuda of a vulnerability in the plugin OptinMonster API, which we found pointed to poor security in the plugin, but not the vulnerability claimed.
