WPScan Vulnerability Database Admits to Intentionally Not Warning About WordPress Plugin Vulnerabilities They Know About
Last Tuesday we disclosed an arbitrary file upload vulnerability in the plugin WooCommerce Checkout Manager, caught through our proactive monitoring of changes made to plugins in the Plugin Directory to try to catch serious vulnerabilities, so, not surprisingly, the customers of our service were also warned about it then. On Thursday we noted on Twitter that we had seen probing for usage of the plugin that was likely coming from hackers. If you were relying on some other product or service to let you know about vulnerable WordPress plugins, you likely were late in getting notified of that, since many of those use data from the WPScan Vulnerability Database. When it was belatedly added to their data set on Friday, a couple of things stuck out to us, one being that we were not listed as a reference: