One way we help to improve the security of WordPress plugins, not just for our customers of our service, but for everyone using them, is our proactive monitoring of changes made to plugins in the Plugin Directory to try to catch serious vulnerabilities. Through that we caught one of the most serious issues, an arbitrary file upload vulnerability in the plugin Payment QR WooCommerce. That is a type of vulnerability that hackers are highly likely to exploit.

The possibility of this vulnerability was also flagged by our Plugin Security Checker and while reviewing this vulnerability we added an additional check that flags some of the insecure code that is in play here, so you can check plugins you use to see if they might have similar issues with that tool. [Read more]