Plugin Security Scorecard February Results

February was the seventh full month our Plugin Security Scorecard was available. A fair number of plugins were checked: a total of 86 plugins were checked last month. With 4 of those plugins being...

CleanTalk Claims to Vet WordPress Plugins for Insecure Dependencies While...

Last week we posted about the three most popular file manager plugins containing a vulnerable version of the jQuery UI library. The inclusion of the vulnerable version of that library was detected by...

CVE Rule Allows MITRE to Hide When They Are Failing to Provide Timely...

The CVE system is treated as a reliable source of information on vulnerabilities, both in WordPress plugins and more broadly. It isn’t. It is also failing with a more basic element, actually...

WordPress Plugin Review Team Failing to Enforce Rule, Which is Leading to...

As part of our work to expand the ability for our Plugin Security Scorecard to identify security issues in WordPress plugins, we have been increasing the number of third-party libraries it can detect...

WordPress Plugin Developer Security Advisory: CleanTalk

One of the little-understood realities of security issues with WordPress plugins is that insecurity is not evenly spread across those plugins. Instead, many developers are properly securing...

Developer Outsourcing Security Reporting to Bugcrowd Has Left Insecure...

Last week someone checked a WordPress plugin through our Plugin Security Scorecard, which flagged the plugin for a variety of issues:...

Vulnerability Disclosure Programs and Bug Bounties Are Being Used for the...

Last month DEF CON and the Cyber Policy Initiative at the University of Chicago released the inaugural Hackers’ Almanack, which “curate[ed] the top technical discoveries from DEF CON that have...

6 WordPress Plugins With a Million or More Installs Still Using JavaScript...

As we continue to expand the ability for our Plugin Security Scorecard to detect third-party libraries included with WordPress plugins, we continue to find that popular plugins are not handling their...

Hacker Probing for WordPress Plugin That Wordfence Exposed Critical...

Yesterday, we had what would appear to be a hacker probing for usage of the WordPress plugin Checkout Mestres WP on our website by requesting the readme.txt file for it like this:...

Plugin Security Scorecard March Results

March was the eighth full month our Plugin Security Scorecard was available. A fair number of plugins were checked: a total of 140 plugins were checked last month. With 8 of those plugins being...
