via pluginvulnerabilities.com => original post link
Having accurate data on vulnerabilities in WordPress plugins is important. Lots of people trust one provider of WordPress plugin vulnerability data, Wordfence. It seems like their data should be trusted considering the CEO of Wordfence, Mark Maunder, has claimed their data is “impeccable”. Contrary to his claim, just very recently, we have run across them claiming that unfixed vulnerabilities have been fixed, claiming that a vulnerability that never existed was fixed in a certain version it definitely wasn’t, and claiming that a WordPress Administrator doing something that WordPress explicitly allows Administrators to do is a vulnerability. And we just ran across another strange false claim while trying to figure out an odd action by the team running the WordPress Plugin Directory.
Late last week, Wordfence claimed that a vulnerability in a plugin used on 80,000+ websites had been fixed: [Read more]