14 Nov 2023

Using Our Plugin Security Checker to Find a Reflected XSS Vulnerability Patchstack Claimed Was in a Plugin

We have been seeing a recurring issue recently where WordPress plugin developers are being asked by users of their plugins whether they are going to fix vulnerabilities that a WordPress security provider, Patchstack, has claimed are in their plugins. The developers are responding, accurately, that Patchstack hasn’t provided any details on what the issue is supposed to be. That obviously makes it difficult to address the issue if there really is a vulnerability, or to otherwise refute the claim. A recent instance of that involved a claim of a reflected cross-site scripting (XSS) vulnerability in the plugin WP Bannerize Pro.

Here are the “details” Patchstack provided: