We often say that a lot of the people in the security industry don’t know and or care much about security, and we unfortunately keep coming across examples of that. The latest example involves a really bad vulnerability assessment that we ran across while looking in to what recently happened with the plugin Display Widgets, which involved the new owner of the plugin placing malicious code in to it. While looking into that situation we noticed that the changelog entry for version 2.6.3 of the plugin said:

Fixed a vulnerability highlighted by one of our users. I encourage all my users to upgrade as soon as possible. [Read more]