1 Sep 2016

YouTube Videos Seem To Explain Part of Hackers’ Odd Choices of WordPress Plugin Vulnerabilities To Target

One of the things we do to provide the best data on vulnerabilities in WordPress plugins for our customers is monitoring our websites for hacking attempts against plugins. At first that allowed us to add additional old vulnerabilities that we didn’t yet have in our data set, and then, starting in May, it allowed us to find numerous zero-day vulnerabilities: vulnerabilities that existed in the current versions of plugins and that the developers were not aware of.

In doing that monitoring we have also noticed some odd things about the choice of vulnerabilities that hackers are targeting. One is that we have seen hackers targeting vulnerabilities that don’t exist. With just a little testing they could have seen that the vulnerabilities don’t exist. So it doesn’t seem to make sense, when some of the hacking campaigns against those seem to be fairly broad, that the hacker didn’t test things out first. For everybody else this is a good thing, since hackers are wasting resources on hacking attempts that will never be successful.

7 Jun 2016

Arbitrary File Upload Vulnerability in Vertical SlideShow

Continuing our recent spotting of new vulnerabilities in plugins after seeing what looks to be probing for use of a plugin, we have found an arbitrary file upload vulnerability in the current version, 2.3, of the plugin Vertical SlideShow.

We recently had a request for a file from that plugin, /wp-content/plugins/wp-vertical-gallery/css/default.css, on this website. Since we don’t have the plugin installed, that request would usually indicate a hacker is probing for the use of it before trying to exploit something in it. Since we don’t have the plugin installed, we couldn’t see what the hacker would try to exploit.
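The probing signal described above can be pulled out of web server access logs. The following is an added example, not code from the original post: it flags requests under /wp-content/plugins/ for plugins that are not installed on the site. It assumes combined-format access logs; the log lines, client addresses and the `installed-plugin` slug are constructed for illustration.

```python
import re
from collections import defaultdict

# Client address and request path from a combined-format access log line.
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (?P<path>\S+) [^"]*"')
# Plugin slug is the first directory under /wp-content/plugins/.
PLUGIN_RE = re.compile(r'^/wp-content/plugins/(?P<slug>[^/?#]+)/', re.IGNORECASE)


def find_plugin_probes(log_lines, installed_slugs):
    """Return {slug: {"ips": set, "paths": set}} for plugins that were
    requested but are not installed, which suggests probing for their use."""
    installed = {s.lower() for s in installed_slugs}
    probes = defaultdict(lambda: {"ips": set(), "paths": set()})
    for line in log_lines:
        entry = LOG_RE.match(line)
        if not entry:
            continue  # not a parsable access log line
        plugin = PLUGIN_RE.match(entry.group("path"))
        if not plugin:
            continue  # request is not for a plugin file
        slug = plugin.group("slug").lower()
        if slug in installed:
            continue  # normal traffic for a plugin the site really uses
        probes[slug]["ips"].add(entry.group("ip"))
        # Drop the query string so cache-busting variants collapse to one path.
        probes[slug]["paths"].add(entry.group("path").split("?", 1)[0])
    return dict(probes)


# Constructed sample log lines (documentation-range addresses).
SAMPLE_LOG = [
    '203.0.113.7 - - [07/Jun/2016:10:01:02 +0000] "GET /wp-content/plugins/wp-vertical-gallery/css/default.css HTTP/1.1" 404 512 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [07/Jun/2016:10:05:40 +0000] "GET /wp-content/plugins/wp-vertical-gallery/css/default.css?ver=1 HTTP/1.1" 404 512 "-" "curl/7.47"',
    '192.0.2.15 - - [07/Jun/2016:10:06:00 +0000] "GET /wp-content/plugins/installed-plugin/style.css HTTP/1.1" 200 1024 "-" "Mozilla/5.0"',
    '192.0.2.15 - - [07/Jun/2016:10:06:05 +0000] "GET /index.php HTTP/1.1" 200 4096 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    # "installed-plugin" is a hypothetical slug standing in for the site's real plugin list.
    for slug, hit in find_plugin_probes(SAMPLE_LOG, {"installed-plugin"}).items():
        print(slug, sorted(hit["ips"]), sorted(hit["paths"]))
```

Slugs that show up here are candidates for review against the current version of the corresponding plugin.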