As we work to expand the capabilities of our new Plugin Security Scorecard, one of our focuses is providing better security information on libraries included in plugins. That has led us to find plugins using vulnerable libraries. In the case of one of them, the plugin has not been updated to a newer version of the library since we reached out to the plugin's developers. Looking into a library included in a security plugin, we found that libraries can have complicated histories. In this case, the history led to a library copied from a copy of a library, with the middle link then abandoned.
The library in the plugin is listed by GitHub as being a fork of another library: