If you want the best information and therefore best protection against vulnerabilities in WordPress plugins we provide you that through our service.
In our dealing with hacked websites we have recently been working with quite a few people that have come to us after trying to do some work to figure out the source of the hack themselves. They will bring up that they have found reporting that software on the website has had vulnerabilities and those might have been the cause. In reality most of those vulnerabilities have very little chance of being the cause of a website being hacked in general and in some cases they have no chance since the vulnerability didn’t actual exist.
We recently discovered the WordPress Event Calendar (Spider Event Calendar) plugin had a reflected cross-site scripting (XSS) vulnerability. In version 1.5.38, and all previous versions, the file /nav_function/nav_html_func.php was echoing a POST variable without escaping it. That occurred on line 88: