When it comes to vulnerabilities in WordPress plugins, they often go unnoticed for years, as was the case with a vulnerability we ran across in WooCommerce this week. But with another situation in the last week, where an attacker was able to update plugins in the WordPress Plugin Directory to add malicious code to them, the situation was caught and addressed in the most popular plugins in 36 hours. Based on what we can determine so far, it appears the situation is one to learn from, but not a sign of a significant problem.
The Plugins
Looking at the five plugins lessens the concern here. The install counts are not too high for most of them. The most popular plugin has 30,000+ active installs according to WordPress and the least popular has 60+: [Read more]