via pluginvulnerabilities.com => original post link
Trust is an important part of security, so it probably isn’t surprising that security is in such bad shape and that at the same time, security companies are so obviously dishonest so often. That is something we frequently run across in the WordPress security space, involving even the big name players. A couple of instances of that just came up involving vulnerability data provider presenting it as if they added information on vulnerabilities in a more timely manner than they really do.
WPScan
Automattic’s WPScan is claiming there is a known vulnerability in the latest version of WordPress. Though this would probably be better classified as a security issue. WPScan’s data says that the issue was “publicly published” and “added” two days ago: [Read more]