via pluginvulnerabilities.com => original post link
One of the tools we have to try to help make WordPress plugins more secure is our Plugin Security Checker, which flags possible security issues in WordPress plugins. From time to time, we spot check the results of plugins from the WordPress Plugin Directory being run through that to make sure we are limiting mistakes it might make. Through that we saw that the 90,000+ install plugin LearnPress had insecure code that could lead to reflected-cross-site scripting (XSS) because user input was being output without escaping it:
[Read more]