16 Jun 2021

Security Audit of WordPress Plugin Apparently Missed Easy to Detect Vulnerability

The plugin Sunshine Photo Cart was closed on the WordPress Plugin Directory yesterday. We don’t know why that was, but our systems notified us of possible security-related changes made after that. Those are described in the latest changes made to the plugin as “Security audit changes”. In that type of situation we usually run the previous version of the plugin through our Plugin Security Checker to see if it flagged any possibly insecure code that was then fixed. When we did that, we found that the possibly insecure code it flagged wasn’t fixed in the new version. Further checking confirmed there was and still is a vulnerability, despite a security audit apparently having been done.

That code has gone unnoticed in the plugin for nearly six years, which is yet another good reason to check the plugins you use with our tool.