01 Aug

What Happened With WordPress Plugin Vulnerabilities in July 2017

If you want the best information and therefore best protection against vulnerabilities in WordPress plugins we provide you that through our service. Here is what we did to keep those are already using our service secure from WordPress plugin vulnerabilities during July (and what you have been missing out on if you haven’t signed up yet): Plugin [Read more]

07 Jul

Wordfence’s Lack of Understanding of SQL Injection Vulnerabilities Leads to False Claim About WP Statistics Vulnerability

Yesterday we touched on how the web security company Sucuri and others in the security community were overstating the threat of a vulnerability recently discovered by Sucuri in the plugin WP Statistics. While looking over something else related to that vulnerability we came across the web security company Wordfence using that vulnerability basically as an [Read more]

28 Apr

Reflected Cross-Site Scripting (XSS) Vulnerability in WP Statistics

A couple of days ago we started to look into a series of releases (12.0.2-12.0.5) of the plugin WP Statistics that were indicated to have fixed cross-site scripting (XSS) vulnerabilities. While there were a couple of advisories put out related to this, those didn’t include the details needed to confirm that vulnerabilities had existed and had been fixed. [Read more]