pluginvulns.bsky.social
Provider of service to protect websites from being exploited due to vulnerable WordPress plugins. https://www.pluginvulnerabilities.com/
1,119 posts 65 followers 26 following

Plugin Vulnerabilities Customers Helped Make WordPress Plugins More Secure, Week of June 6

WordPress Firewall Plugin Claimed to Protect Against "Any Threat" Doesn't Stop Even One Simulated Attack From Firewall Testing Tool

Patchstack Now Withholding Misappropriated Information Needed to Secure Plugins in WordPress Plugin Directory From WordPress

Plugin Vulnerabilities Customers Helped Make WordPress Plugins More Secure, Week of May 30

The WordPress Meta team holding up the community once again.

With Automattic announcing a return to contributing to WordPress, it's worth noting that there hasn't been a change with the cited reasons they gave for reducing their contributions in January. WP Engine's lawsuit is still on and they haven't boosted their contributions.

WP Engine Study Finds That Security Is Somehow Considered One of WordPress' Benefits and Also Disadvantages

Patchstack tries to get people to report plugin vulnerabilities to them instead of developers or WordPress. Now they are refusing to provide the information to WordPress.

Would anyone guess that this changelog entry for a WordPress plugin with 2+ million installs was referring to fixing a vulnerability? "Improved context-dependent escaping in dynamic content tags."

"we always take security seriously" - WordPress plugin developer who still hasn't fixed an exploitable vulnerability two months after apparently being notified of it

A WordPress plugin with 100,000 installs has an unfixed vulnerability being targeted by a hacker and Patchstack's response is to suggest you pay them $5 a month for a firewall rule they call a "patch". WordPress could release a real patch for free. We would provide them with the patch for free.

WordPress Plugin Submission Review Seems to Have Failed Badly With ConvertPro

Plugin Vulnerabilities Customers Helped Make WordPress Plugins More Secure, Week of May 23

Long Overdue Security Review of WordPress Would Cost Only 0.25% of WP Engine's Estimate of Cost of One WordPress Website

Mary Hubbard: "Rotating roles can help us avoid centralizing too much authority in any one place, and it guards against the single points of failure that open source and communities should always aim to minimize." Is rotating roles going to apply to her boss Matt Mullenweg?

WordPress Hasn't Addressed Hacker Targeted Plugin With 100,000+ Installs That Has Unfixed "Critical" Vulnerability

8 months after a vulnerability was reported to someone, it still hasn't been fixed. It's unclear what happened here, but the developer claims that the vulnerability was reported to @patchstack.com instead of to them. They say Patchstack made a public claim after 6 months, but didn't notify them.

Is Brizy, Patchstack, or Both to Blame For Lack of Fix for Vulnerable WordPress Plugin With 80,000+ Installs After 8 Months?

They don't mention how many websites are using the new plugins. A quick check of our lagging data shows that almost all of the plugins added to the directory this year have under 100 installs, with only slightly over 2% above that, and roughly 83% having under 10 installs.

We have added the FV Gravatar Cache to the roster of WordPress plugins that receive continuous security review from us. That entails us reviewing every update to the plugins for any changes that impact security. If you want a plugin to get the same level of coverage, we have a service for that.

The FAQ for the Brizy WordPress plugin tells you to report issues through GitHub and links to a page to do that. If you try to create an issue, it doesn't work with the vague message "Unable to create issue." returned. 1/2

Wordfence Missed That Authenticated Persistent XSS Vulnerability in 2+ Million Install MC4WP: Mailchimp for WordPress Wasn't Fixed

Patchstack VDP Partner WPMU DEV Incompletely Fixed Privilege Escalation Vulnerability in Broken Link Checker

Plugin Security Scorecard April Results

600k WordPress Backup Plugin Claiming to Be "Easiest Way to Protect Your Website" Contains Decade Out of Date Insecure Library

A developer thinks that if you find a vulnerability in their software you shouldn't be able to discuss it without their "express consent": "Please do not discuss any vulnerabilities (even resolved ones) without express consent." github.com/timber/timbe...

Hacker Already Targeting Plugin With Vulnerability Exposed by Wordfence Today Without Fix Being Available

Has anyone been told that a WordPress firewall plugin is a solution for distributed denial of service (DDoS) attacks?

Liquid Web doesn't use their own caching plugin, Solid Performance, on their website. They use a competitor, W3 Total Cache, instead.

That is coming from the parent of WordPress plugin developer StellarWP. #TheCallIsComingFromInsideTheHouse 1/

Authenticated Information Disclosure Vulnerability in PrettyLinks

WordPress and Security Providers Fail to Make Sure All Plugins Containing Known Vulnerability Have Been Addressed