21 Dec 2021

Patchstack Continues to Overstate Size of Their Database Despite Dropping Claimed Size for 2021 by 35%

Last month we noted that a couple of WordPress news outlets had repeated what appear to be clearly false claims made by the WordPress security provider Patchstack. It should go without saying that a security company that isn’t honest is a big deal. We have since run across a further claim from Patchstack that contradicts the previous claim they made, while still appearing to be false.

On November 5, the WP Tavern ran a story by Justin Tadlock that included this claim about the number of vulnerabilities in Patchstack’s database for this year: [Read more]

22 Jun 2021

Pagely Doesn’t Seem That Serious About Security at Least With WordPress Plugins

There are a lot of places you can find information on vulnerabilities in WordPress plugins, but much of it is highly inaccurate. The WordPress-focused web host Pagely provides one example of that. They put out a monthly post mentioning vulnerable plugins, but just a glance at last month’s post shows they are not doing basic due diligence on claimed vulnerabilities. That isn’t in line with how they market themselves:

No one takes WordPress security more seriously than Pagely.

Their information is a bit confusing, as they have a section headed “List of Vulnerable Plugins, May 2021” and then one headed “Plugins Removed From WordPress Repository”, but both appear to be listing vulnerable plugins. The latter appears to be a list of vulnerable plugins that haven’t been fixed and, based on the name, you would assume it lists ones that have been removed from the WordPress Plugin Directory. [Read more]

27 Jun 2017

Pagely Downplays Serious Problems With The Handling of Security Vulnerabilities in WordPress Plugins

Security isn’t in great shape these days, and that certainly applies to WordPress plugins, as some recent issues we have run across have reminded us. As we see it, one of the causes of this is that real problems with security rarely get discussed. There are probably many factors at play, but one that we see is that people will criticize you if you say anything they interpret as negative when it comes to security (the irony of that seems lost on them). That seems to lead to a lack of honesty about what is going on and instead a focus on happy talk that doesn’t resolve the problems, even though many could be fixed without much effort if there was an interest in doing so.

An example of not discussing the real problems comes up in a post we ran across on the blog of the WordPress web hosting company Pagely. The post discusses the increasing issue of PHP object injection vulnerabilities in plugins, but hidden below the surface of the post are a couple of problems that the writer is clearly aware of but doesn’t disclose. The relevant section of the post is the following: [Read more]