20 Jul 2017

More of Planet Zuda’s Troubling Handling of Claimed Security Vulnerabilities in WordPress Plugins

Last week we looked at a claim by the web security company Planet Zuda of a severe vulnerability in a popular WordPress plugin, which seemed at best to be them not fully looking into the issue before making an untrue claim as to its severity. The next day they put out another post making a similar claim about an even more popular plugin, SiteOrigin Widgets Bundle. Once again they are also selling a version of the plugin that is supposed to be patched, which possibly violates multiple laws. Also, once again there was no mention that they had notified the developer of the plugin about the vulnerabilities. This time, though, they didn’t provide any details of the claimed vulnerabilities, so neither we nor anyone else could independently review their claim.

Here is how they described the claimed vulnerability: [Read more]

13 Jul 2017

Planet Zuda and OptinMonster Handle Poor Security of OptinMonster API Plugin Extremely Badly

Through the various things we do as part of our service we have a fair amount of interaction with people making claims about vulnerabilities in WordPress plugins and with the developers of WordPress plugins with vulnerabilities. From doing that we don’t currently have a very positive view of either side, which shouldn’t be all that surprising considering the poor state of security of WordPress plugins and of security in general. As an example of what that looks like, let’s take a look at a recent claim by Planet Zuda of a vulnerability in the plugin OptinMonster API, which we found pointed to poor security in the plugin, but not to the vulnerability claimed.

Before we get to the details of what is actually going on with the plugin, let’s take a look at how Planet Zuda responded to it: [Read more]