17 May 2025

Patchstack VDP Partner WPMU DEV Incompletely Fixed Privilege Escalation Vulnerability in Broken Link Checker

On Friday, WPMU DEV partially released a security update for the WordPress plugin Broken Link Checker. The changelog for the new version is “Fix: Patched a vulnerability issue.” There are a couple of problems with that. First, they didn’t set it, so the update is being offered to those already using the plugin or new users. Second, the fix was incomplete. Unsurprisingly, the developer is part of the Patchstack Vulnerability Disclosure Program, which signals that the developers are not handling security right and not making sure issues are fully addressed.

