The latest version of the plugin TrustMate.io integration for WooCommerce got flagged by our monitoring systems for a couple of reasons. One being the commit message for that version being “Security fix” and the other being our our proactive monitoring of changes made to plugins in the Plugin Directory to try to catch serious vulnerabilities flagging code in that for possibly allowing the updating of arbitrary WordPress options (settings). Those two items turned out to be related, as the security fix was addressing that code. Though only partially addressing the security issue there.

…

[Read more]