As we have noted multiple times recently, contrary to claims made by other security providers, WordPress plugins continue to have a steady supply of new vulnerabilities being introduced in to them. That includes widely used plugins. We continue to work to improve our ability to catch those in plugins used by users of our service. One method is using machine learning, a form of artificial intelligence (AI), to try to catch vulnerabilities being introduced in to plugins. As that is something that improves with more data, the longer we are collecting data, the better it should get and the more vulnerabilities we can catch for our customers.

Yesterday, that monitoring flagged an update to the 300,000+ install plugin WPvivid Backup as possibly introducing a vulnerability. Looking over the changes being made, we found that a new function was added to the plugin and made accessible to anyone logged in to WordPress through its AJAX functionality: [Read more]