Poor Handling of Security in WordPress Plugin Directory Also Impacts ClassicPress Directory
On Friday we noted that we had started doing proactive monitoring of the plugins in the WordPress fork ClassicPress’ plugin directory for serious security issues and had also run the ClassicPress plugins available in it through our Plugin Security Checker, which flags the possibility of additional less serious issues. We found a couple of plugins with minor security issues through that, including one with a vulnerability. That vulnerability was promptly fixed. Also, on Friday we ran the six plugins from the WordPress Plugin Directory also included in ClassicPress’ directory through the same tool. We found two of them had a really easy to spot minor vulnerability.
This is the kind of thing that the WordPress Plugin Directory Team could easily have systems in place to catch and automatically warn developers of. We have repeatedly offered to help them implement this type of thing, but, like other attempts to help them improve their poor handling of security, they have shown no interest.