1 Dec 2017

What Happened With WordPress Plugin Vulnerabilities in November 2017

If you want the best information, and therefore the best protection, against vulnerabilities in WordPress plugins, we provide that through our service.

Here is what we did to keep those who are already using our service secure from WordPress plugin vulnerabilities during November (and what you have been missing out on if you haven’t signed up yet): [Read more]

1 Nov 2017

Vulnerability Details: Reflected Cross-Site Scripting (XSS) Vulnerability in Pretty Links (Lite)

Earlier today we posted the details of a reflected cross-site scripting (XSS) vulnerability in the plugin Pretty Links (Lite) that was somewhat vaguely disclosed by Detectify about a month ago. Shortly after that disclosure, the website WPCampus included a reference to it in their weekly spreadsheet of vulnerabilities in WordPress, though they pointed to information on a possibly different reflected XSS vulnerability in the plugin. It isn’t clear if they were aware that it was a different vulnerability than the one mentioned by Detectify (as that one involved the input “message”) or if they have notified the developer of that issue.


[Read more]

1 Nov 2017

Vulnerability Details: Reflected Cross-Site Scripting (XSS) Vulnerability in Pretty Links (Lite)

About a month ago we noted that the security scanner service Detectify seemed to have disclosed a number of unfixed reflected cross-site scripting (XSS) vulnerabilities in WordPress plugins that the developers may not have been notified of. One of those was in the plugin Pretty Links (Lite). It looks like the vulnerability that might be referred to there would only be exploitable in the version if the plugin had yet to be used for its intended function, so the vulnerability is of even less concern than a reflected cross-site scripting (XSS) vulnerability normally would be.


[Read more]