WordPress Plugin With 100,000+ Installs Contains Post Duplication Vulnerability
On Monday we saw what looked to be a hacker probing our website for usage of the WordPress plugin Email Subscribers, which has 100,000+ installs. There are several possible explanations for that. One involves a fairly misleading claim that a vulnerability was recently fixed in the plugin.
As part of assessing the situation, we started checking whether the plugin currently contains a more serious vulnerability. What we found is that the plugin lacks basic security checks in places, and other code appears to be insecurely designed. We would recommend not using the plugin unless it has had a thorough security review and all the issues found have been addressed.