3 Mar 2022

Vulnerability Details: Cross-Site Request Forgery (CSRF) in Use Any Font

As is often the case, WPScan recently released a mess of a report of a claimed vulnerability in the WordPress plugin Use Any Font. The report claims that part of the issue exists in versions after it had already been resolved, and also claims the issue has been fixed, despite it not being fully resolved. We had warned our customers about the original form of the vulnerability back in 2017.



20 Oct 2017

Vulnerability Details: Cross-Site Request Forgery (CSRF)/Cross-Site Scripting (XSS) Vulnerability in Use Any Font

Recently the web scanner service Detectify has been vaguely disclosing minor vulnerabilities in a number of WordPress plugins. It seems like they are aware that they could notify the developers of these, but usually haven’t been doing it. One of the vulnerabilities in the more recent batch was a cross-site request forgery (CSRF) vulnerability in the plugin Use Any Font.

