via pluginvulnerabilities.com => original post link
Recently the CEO of Wordfence, Mark Maunder, responded to us noting that Wordfence’s data on WordPress plugin vulnerabilities is “often quite inaccurate and not a reliable source” by saying that their “data is impeccable.” To claim that their data is flawless is quite a statement to make. It would be one thing to say that they are trying to provide the best data or doing their best, but flawless is something else. They also claimed that we were a “well known industry troll” and “contribute nothing beyond vitriol.” So who was right there?
Last week, we discussed a strange situation where someone had claimed that there was a vulnerability in WordPress; it was explained to them by the WordPress security team that there wasn’t a vulnerability, but Wordfence and others were now claiming that there was a vulnerability in the Gutengberg plugin, but not WordPress. If the issue described was a vulnerability, it certainly is in WordPress. But as we mentioned, and the WordPress security team had said before, it wasn’t a vulnerability. Wordfence’s claim was causing a fair bit of concern for those using both that plugin and Wordfence’s plugin. [Read more]