25 Sep

Full Disclosure of Vulnerability in WordPress Plugin with 700,000+ Active Installations

Earlier today we announced we are changing how we handle the disclosure of vulnerabilities in WordPress plugins. Until the inappropriate behavior by the moderators of the WordPress Support Forum ends we are going to be doing full disclosure, that is just disclosing the vulnerabilities, and after that only notifying the developer of the plugin through the [Read more]

01 Dec

What Happened With WordPress Plugin Vulnerabilities in November 2017

If you want the best information and therefore best protection against vulnerabilities in WordPress plugins we provide you that through our service. Here is what we did to keep those are already using our service secure from WordPress plugin vulnerabilities during November (and what you have been missing out on if you haven’t signed up yet): Plugin [Read more]

09 Nov

Vulnerability Details: Shortcode Execution Vulnerability in Formidable Forms

From time to time a vulnerability is fixed in a plugin without the discoverer putting out a report on the vulnerability and we will put out a post detailing the vulnerability so that we can provide our customers with more complete information on the vulnerability. When Robert Mathews disclosed that an authenticated remote code execution (RCE) [Read more]

01 Aug

What Happened With WordPress Plugin Vulnerabilities in July 2017

If you want the best information and therefore best protection against vulnerabilities in WordPress plugins we provide you that through our service. Here is what we did to keep those are already using our service secure from WordPress plugin vulnerabilities during July (and what you have been missing out on if you haven’t signed up yet): Plugin [Read more]

10 Jul

Vulnerability Details: Authenticated Arbitrary File Viewing Vulnerability in Shortcodes Ultimate

From time to time a vulnerability is fixed in a plugin without the discoverer putting out a report on the vulnerability and we will put out a post detailing the vulnerability so that we can provide our customers with more complete information on the vulnerability. An advisory was released by the JPCERT/CC and IPA that [Read more]