Authenticated Persistent Cross-Site Scripting (XSS) Vulnerability in HubSpot All-In-One Marketing – Forms, Popups, Live Chat
Yesterday a new version of the WordPress plugin HubSpot All-In-One Marketing – Forms, Popups, Live Chat, which has 80,000+ installs, came onto our radar, as there were a couple of seemingly security-related entries in the changelog for that version:
- Fix comment escaping
- Sanitize inputs
As part of collecting data for our service, so that we can inform our customers if plugins they use contain vulnerabilities, we started looking into the changes. The very first change made was to change a line of code from this: