Wordfence and Saturday Drive Provide Hackers With Critical Info to Exploit Unfixed Vulnerability in Ninja Forms
When we discover vulnerabilities, we have always warned our customers only at the same time as we publicly disclose them, since doing otherwise would give hackers access to information that the public doesn’t have. Other companies are okay with giving hackers a possible leg up and possibly profiting off them. Among them are the developers of the Wordfence Security plugin.
As a practical example of what that means, hackers can currently exploit an unfixed authenticated information disclosure vulnerability in the plugin Ninja Forms, which has 1+ million installs, because of Wordfence. Making things easier for hackers, the developer of Ninja Forms, Saturday Drive, has disclosed even more information on the vulnerability in a form that is easily accessible to hackers but unlikely to be noticed by the public, and has yet to provide users of the plugin with a fix.