Browsing latest articles
Browse All 196 View Live


The Good and Bad of Unexplained Change to WordPress Plugin Directory That...

Yesterday, the team running the WordPress Plugin Directory announced they had recently made a significant change to the directory. No explanation was given for why it was done. Nor why it was done...


Popular WordPress File Manager Plugins Contain Third-Party Library With...

Last week three WordPress file manager plugins were checked through our Plugin Security Scorecard tool. An issue identified by the tool in each plugin was flagged for us to review. That issue being...



Developer of 1+ Million Install WordPress Plugin Warned Multiple Times of...

Yesterday, we covered our finding that the 1+ million install WordPress plugin WP File Manager contains a known vulnerable version of the JavaScript library jQuery UI. While following up on another...


Plugin Security Scorecard February Results

February was the seventh full month our Plugin Security Scorecard was available. A fair amount of plugins were checked. A total of 86 plugins were checked last month. With 4 of those plugins being...


CleanTalk Claims to Vet WordPress Plugins for Insecure Dependencies While...

Last week we posted about the three most popular file manager plugins containing a vulnerable version of the jQuery UI library. The inclusion of the vulnerable version of that library was detected by...


CVE Rule Allows MITRE to Hide When They Are Failing to Provide Timely...

The CVE system is treated as a reliable source of information on vulnerabilities, both in WordPress plugins, but also more broadly. It isn’t. It also is failing with a more basic element, actually...


WordPress Plugin Review Team Failing to Enforce Rule, Which is Leading to...

As part of our work to expand the ability for our Plugin Security Scorecard to identify security issues in WordPress plugins, we have been increasing the number of third-party libraries it can detect...


WordPress Plugin Developer Security Advisory: CleanTalk

One of the little understood realities of security issues with WordPress plugins is that the insecurity of them is not evenly spread across those plugins. Instead, many developers are properly securing...


Developer Outsourcing Security Reporting to Bugcrowd Has Left Insecure...

Last week someone checked a WordPress plugin through our Plugin Security Scorecard, which flagged the plugin for a variety of issues:



Vulnerability Disclosure Programs and Bug Bounties Are Being Used for the...

Last month DEF CON and the Cyber Policy Initiative at the University of Chicago released the inaugural Hackers’ Almanack, which “curate[ed] the top technical discoveries from DEF CON that have...
