One of the things that we believe leads to the poor state of security of WordPress, as well as more generally, is the amount of inaccurate and outright false information spread by those involved in security. That also creates unnecessary hassle for others. When it comes to our area of focus, the security of WordPress plugins, that is a constant issue. While we properly vet claimed vulnerabilities before adding them to our data set, if you are getting data elsewhere it likely comes from the WPScan Vulnerability Database, which is a data source where the people behind it don’t seem to be concerned about the accuracy of their data (or other things that seem important for providing what they claim to provide).
If they were even a little concerned about that, it seems hard to believe that what has happened with the plugin WooCommerce PayPal Checkout Payment Gateway would have occurred. They are currently claiming that plugin, which has 800,000+ installs according to wordpress.org, contains an unfixed vulnerability: