1 Aug 2019

WordPress Plugin Directory Team Missed Possible Settings Change Vulnerability in Simple Membership

The plugin Simple Membership was closed on the WordPress Plugin Directory on Monday of last week. That appears to have been due to a relatively minor vulnerability. Judging by the changes made after that was fixed, the team running the Plugin Directory also appears to have required additional security improvements. What they missed was, to us, an obvious issue: so obvious that we noticed it almost immediately, and only spotted the issue that looks to have led to the closure after further checking. Since it isn't a vulnerability on its own, we waited a while to see whether anyone else would notice, but it would seem not, since it is still in the plugin more than a week after it was reopened.

The plugin registers the function admin_init_hook() to run during “admin_init”:
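Why code hung on “admin_init” deserves a close look, as an added illustration: this is not Simple Membership's code and makes no claim about what its admin_init_hook() does. The “admin_init” action fires on every request to a wp-admin page, including admin-ajax.php and admin-post.php, for any logged-in user of any role, so a handler that changes settings there cannot rely on the request coming from an administrator. The option, field and nonce names below are hypothetical.

```php
<?php
// Added illustration of the admin_init pitfall; not the plugin's own code.
// Option name, field names and nonce action are hypothetical.

// Weak pattern: assumes "we are in wp-admin" means "the user is an administrator".
// Any authenticated user (a subscriber, for example) who sends this POST to
// wp-admin/admin-post.php or admin-ajax.php reaches update_option().
function example_admin_init_weak() {
    if ( isset( $_POST['example_save_settings'] ) ) {
        update_option( 'example_plugin_settings', wp_unslash( $_POST['example_settings'] ) );
    }
}

// Hardened pattern: capability check, nonce check, then sanitization.
function example_admin_init_hardened() {
    if ( ! isset( $_POST['example_save_settings'] ) ) {
        return;
    }

    // 1. Only users allowed to manage options may change them.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions.', '', array( 'response' => 403 ) );
    }

    // 2. The request must carry a valid nonce for this action, which blocks CSRF
    //    against an administrator who is logged in. Dies with 403 on failure.
    check_admin_referer( 'example_save_settings_action', 'example_settings_nonce' );

    // 3. Never store the raw POST array; whitelist and sanitize each field.
    $raw = ( isset( $_POST['example_settings'] ) && is_array( $_POST['example_settings'] ) )
        ? wp_unslash( $_POST['example_settings'] )
        : array();
    $clean = array(
        'enabled'   => ! empty( $raw['enabled'] ) ? 1 : 0,
        'page_slug' => isset( $raw['page_slug'] ) ? sanitize_title( $raw['page_slug'] ) : '',
    );

    update_option( 'example_plugin_settings', $clean );
}

add_action( 'admin_init', 'example_admin_init_hardened' );
```

The settings form must emit the matching nonce with wp_nonce_field( 'example_save_settings_action', 'example_settings_nonce' ). A quick check for this class of issue when reviewing a plugin: log in as a subscriber-level account and POST the settings form fields to wp-admin/admin-post.php; if the option changes, the “admin_init” handler is missing its capability check.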