There are a lot of places you can find information on vulnerabilities in WordPress plugins, but much of it is highly inaccurate. The WordPress focused web host Pagely provides one example of that. They put out a monthly post mentioning vulnerable plugins, but just a glance at last month’s post shows they are not doing basic due diligence with claimed vulnerabilities. That isn’t in line with how they market themselves:

No one takes WordPress security more seriously than Pagely.

Their information is bit confusing as they have a section headed “List of Vulnerable Plugins, May 2021” and then one headed “Plugins Removed From WordPress Repository”, but both appear to listing vulnerable plugins. The latter appears to be a list of vulnerable plugins that haven’t been fixed and based on the name you would assume ones that have been removed from the WordPress Plugin Directory. [Read more]