17 Jun 2021

Vulnerable WordPress Plugin Leads to Another Vulnerable WordPress Plugin

Earlier today we posted about a brand new WordPress plugin that has a security vulnerability that hackers would be likely to exploit. Part of the story there is that security reviews of new WordPress plugins are either not happening or are missing things they shouldn’t. Another piece of the story looks to be that the plugin is largely copied from another plugin and inherited the security vulnerability from that one.

While we were processing the vulnerability in that other plugin, we added a new check to our Plugin Security Checker tool to flag other instances of code similar to part of the insecure code in that plugin. While doing that, we used the search capability of the WP Directory to check whether other plugins in the WordPress Plugin Directory contained similar code. What we found was another plugin with a line of code nearly identical to the relevant line in the new plugin. Looking further at that second plugin, Wallet One Payment Gateway for WooCommerce, it became clear that the reason the code is nearly identical is that the new plugin uses large chunks of code that exist in that plugin. The new plugin might not have been copied directly from that plugin, as there could be additional plugins in the chain.
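The kind of check described above, finding lines in one plugin that are nearly identical to lines in another after ignoring whitespace and comments, can be scripted. The following is an added example written for this post; it is not the Plugin Security Checker, the WP Directory search, or code from either plugin. The two PHP snippets are constructed samples that stand in for two plugins' source files, and the 0.9 similarity threshold, the comment stripping and the list of trivial lines are our own assumptions, chosen so that lines that differ only in a renamed function prefix still count as matches.

```python
import difflib
import re

# Lines that carry no real signal and would match across any two PHP files.
TRIVIAL = {"<?php", "?>", "{", "}", "});", ");"}

# Constructed sample "plugin A": not real plugin code.
PLUGIN_A = """<?php
/*
Plugin Name: Example Gateway A (constructed sample)
*/
add_action('init', 'ega_register_gateway');
function ega_register_gateway() {
    $merchant_id = get_option('ega_merchant_id');
    $callback_url = add_query_arg('wc-api', 'ega_callback', home_url('/'));
    error_log('ega: gateway registered'); // not present in plugin B
    return array('merchant' => $merchant_id, 'callback' => $callback_url);
}
"""

# Constructed sample "plugin B": the same code with a different prefix and
# different spacing, as a copied-and-renamed plugin would look.
PLUGIN_B = """<?php
/*
Plugin Name: Example Gateway B (constructed sample)
*/
add_action( 'init', 'egb_register_gateway' );
function egb_register_gateway() {
  $merchant_id  = get_option( 'egb_merchant_id' );
  $callback_url = add_query_arg( 'wc-api', 'egb_callback', home_url( '/' ) );
  return array( 'merchant' => $merchant_id, 'callback' => $callback_url );
}
"""


def normalize_php(source):
    """Return [(lineno, normalized_line)] for the non-trivial code lines.

    Block and line comments are stripped naively (a '//' inside a string
    literal would be mistaken for a comment) and all whitespace is removed,
    so formatting differences between two copies do not matter.
    """
    out = []
    in_block = False
    for lineno, raw in enumerate(source.splitlines(), 1):
        line = raw.strip()
        if in_block:
            if "*/" not in line:
                continue
            in_block = False
            line = line.split("*/", 1)[1].strip()
        if line.startswith("/*"):
            if "*/" not in line:
                in_block = True
                continue
            line = line.split("*/", 1)[1].strip()
        line = re.split(r"\s//|^//|^#", line, maxsplit=1)[0].strip()
        norm = re.sub(r"\s+", "", line)
        if norm and norm not in TRIVIAL:
            out.append((lineno, norm))
    return out


def near_identical_lines(src_a, src_b, threshold=0.9):
    """For each code line of src_a, find its most similar line in src_b.

    Returns [(lineno_a, lineno_b, ratio)] for lines whose best match has a
    difflib similarity ratio of at least `threshold`; a one-character prefix
    rename in a 40-character line scores about 0.97, so it still matches.
    """
    lines_b = normalize_php(src_b)
    matches = []
    for ln_a, norm_a in normalize_php(src_a):
        best_ln, best_ratio = None, 0.0
        for ln_b, norm_b in lines_b:
            ratio = difflib.SequenceMatcher(None, norm_a, norm_b).ratio()
            if ratio > best_ratio:
                best_ln, best_ratio = ln_b, ratio
        if best_ln is not None and best_ratio >= threshold:
            matches.append((ln_a, best_ln, round(best_ratio, 3)))
    return matches


def shared_fraction(src_a, src_b, threshold=0.9):
    """Fraction of src_a's code lines that have a near-identical line in src_b."""
    code_a = normalize_php(src_a)
    if not code_a:
        return 0.0
    return len(near_identical_lines(src_a, src_b, threshold)) / len(code_a)


if __name__ == "__main__":
    for ln_a, ln_b, ratio in near_identical_lines(PLUGIN_A, PLUGIN_B):
        print(f"A:{ln_a} ~ B:{ln_b} (ratio {ratio})")
    print(f"shared fraction: {shared_fraction(PLUGIN_A, PLUGIN_B):.2f}")
```

Run against two plugin directories, this reports the line pairs that differ only by whitespace or a renamed identifier, which is what makes large copied chunks stand out; a high shared fraction is the cue to check whether an insecure line flagged in one plugin has the same origin in the other. Lines unique to one side, like the `error_log` call in the sample, are simply not reported.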