False Vulnerability Report: User Submitted Posts [Persistent XSS]
As part of cataloging the vulnerabilities in WordPress plugins for our service, we come across false reports of vulnerabilities from time to time. So that others don’t spend their time looking over these as well, we post our findings on them.
The explanation of how the claim of a persistent cross-site scripting (XSS) vulnerability in the User Submitted Posts plugin ended up being false is a good reminder that people trying to discover security vulnerabilities should use a clean WordPress install during testing, so they don’t contaminate their testing environment.