And they don't provide the information needed for others to do that vetting, making it harder for others to catch that vulnerabilities haven't been fixed properly (or sometimes at all).
That claim was included in the bio of one of three team reps. The other two bios did not make that sort of inaccurate claim about a company. One just says a company is "well-known."
@10up.bsky.social's @joemcgill.bsky.social is credited with writing that post.
That would be the 10up that has the WP-CLI Vulnerability Scanner, which doesn't warn people that the sources for that, WPScan, Patchstack and Wordfence Intelligence, are unreliable to the level that there is widespread exploitation of unfixed vulnerabilities they claimed were fixed.
Sure. What are you looking for clarification on? That the tool is not warning that vulnerability claims from those providers are known to be highly inaccurate? Or that vulnerability claims from them are known to be highly inaccurate?
For the latter, here is a recent example with a plugin that a hacker appeared to be targeting, where they all told people that a vulnerability had been fixed in a plugin when it hadn't. And it was more serious than described.
I'm not immediately aware of significant concerns with the vulnerability data from those platforms that would cause the use of them to be considered inaccurate and unreliable, but if there's an additional, more accurate and reliable source I'd be curious to learn more about that.