Last year we created the Plugin Security Scorecard tool to help the WordPress community to have a better understanding of the security of plugins and hopefully to get better practices more widely implemented. As part of our work on that, we have been continuing to expand its capability to identify when plugins are using outdated and known insecure/vulnerable third-party libraries. That capability either doesn’t exist elsewhere in the community or isn’t being used. That is highlighted with a plugin that was checked through the plugin today.

The plugin checked was the 1+ million install plugin SVG Support, which had several issues identified: [Read more]