Plugin Security Scorecard February Results
February was the seventh full month our Plugin Security Scorecard was available. A fair amount of plugins were checked. A total of 86 plugins were checked last month. With 4 of those plugins being...
View ArticleClik here to view.
CleanTalk Claims to Vet WordPress Plugins for Insecure Dependencies While...
Last week we posted about the three most popular file manager plugins containing a vulnerable version of the jQuery UI library. The inclusion of the vulnerable version of that library was detected by...
View ArticleClik here to view.
CVE Rule Allows MITRE to Hide When They Are Failing to Provide Timely...
The CVE system is treated as a reliable source of information on vulnerabilities, both in WordPress plugins, but also more broadly. It isn’t. It also is failing with a more basic element, actually...
View ArticleWordPress Plugin Review Team Failing to Enforce Rule, Which is Leading to...
As part of our work to expand the ability for our Plugin Security Scorecard to identify security issues in WordPress plugins, we have been increasing the number of third-party libraries it can detect...
View ArticleWordPress Plugin Developer Security Advisory: CleanTalk
One of the little understood realities of security issues with WordPress plugins is that the insecurity of them is not evenly spread across those plugins. Instead, many developers are properly securing...
View ArticleClik here to view.
Developer Outsourcing Security Reporting to Bugcrowd Has Left Insecure...
Last week someone checked a WordPress plugin through our Plugin Security Scorecard, which flagged the plugin for a variety of issues: [Read more]
View ArticleVulnerability Disclosure Programs and Bug Bounties Are Being Used for the...
Last month DEF CON and the Cyber Policy Initiative at the University of Chicago at released the inaugural Hackers’ Almanack, which “curate[ed] the top technical discoveries from DEF CON that have...
View Article6 WordPress Plugins With a Million or More Installs Still Using JavaScript...
As we continue to expand the ability for our Plugin Security Scorecard to detect third-party libraries included with WordPress plugins, we continue to find that popular plugins are not handling their...
View ArticleHacker Probing for WordPress Plugin That Wordfence Exposed Critical...
Yesterday, we had what would appear to be a hacker probing for usage of the WordPress plugin Checkout Mestres WP on our website by requesting the readme.txt file for it like this:...
View ArticlePlugin Security Scorecard March Results
March was the eighth full month our Plugin Security Scorecard was available. A fair amount of plugins were checked. A total of 140 plugins were checked last month. With 8 of those plugins being...
View Article