18 Dec 2018

Vulnerability Details: Privilege Escalation in Under Construction 

One of the changelog entries for the latest version of the plugin Under Construction is “minor security fixes in admin”. Looking at the changes made in that version, we recognized the vulnerability being fixed, since three weeks ago we disclosed that another one of the plugins by the same developer had the same issue.



27 Nov 2018

Vulnerability Details: Authenticated Open Redirect in Under Construction

Yesterday we fully disclosed an authenticated open redirect vulnerability in the plugin Google Maps Widget. It turns out the developer has other plugins that shared the same issue, as another of their plugins, Under Construction, was updated today and one of the changelog entries is “wp_redirect() vulnerability fix”. Looking at the changes made to the plugin, we found that several hours after version 3.25 was released it was modified to fix the same issue.

