When we mentioned the web security provider WebARX back in March, it was in the context of their service providing less protection against a WordPress plugin vulnerability than simply keeping plugins up to date, while they made it seem otherwise. That is a pretty big issue when their service is prominently promoted with the claim that it can “Protect websites from plugin vulnerabilities”, as can be seen on their homepage:
Last Tuesday we warned about a vulnerability likely to be exploited in the plugin Blog Designer. Unlike another WordPress plugin vulnerability we ran across recently in a similar situation, this one was quickly fixed and the plugin reopened on the Plugin Directory the next day (the vulnerability had been independently discovered by WebARX).
Yesterday a company named WebARX discussed a vulnerability we had discovered in a WordPress plugin named Social Warfare, though you wouldn’t know that if you read their post:
Coverage of WordPress plugin vulnerabilities is rather poor and coverage of an authenticated option update vulnerability in the plugin Simple Social Buttons disclosed on Monday was no exception. For example, you had a security journalist who frequently spreads false and misleading information, Catalin Cimpanu, make this statement in regard to WordPress: