13 Sep

Reflected Cross-Site Scripting (XSS) Vulnerability in Quotes Collection

One of the things we do to provide the best data on vulnerabilities in WordPress plugins is to monitor the wordpress.org Support Forum for threads related to those. Yesterday we ran across a thread asking if the Quotes Collection plugin that had been removed from the Plugin Directory, had a security vulnerability. The people running the Plugin Directory are choosing to keep people in the dark about removed plugins with security vulnerabilities, so people are left wondering like this. If you use our service though many of the vulnerabilities that caused plugins to be removed are listed, you can also use our No Longer in Directory plugin to see if plugins you use have been removed from the Plugin Directory, whether for a security issue or another reason.

[Read more]