At the end of March we noticed what looked to be a hacker probing for usage of the plugin Pie Register and found that it contained a vulnerability that hackers would be interested in exploiting, an authenticated arbitrary file upload vulnerability because of insecure code for allowing the installation of WordPress plugins. It also contained several other vulnerabilities.

While working on improvements to our detection system and our firewall plugin related to that type of vulnerability, we found that over a month after that, the developer still hasn’t even attempted to address the vulnerabilities in another of their plugins, Page Builder Addons for WPBakery. [Read more]