
WPScan Still Isn’t Making Sure That “Fixed” WordPress Plugin Vulnerabilities Have Actually Been Fixed

via pluginvulnerabilities.com => original post link

WordPress plugin developers are not always great about actually fixing vulnerabilities in their plugins. That problem is on display with the 300,000+ install plugin PDF Invoices & Packing Slips for WooCommerce. As we warned our customers on January 11, the developer had attempted to fix a vulnerability in the latest version, but had failed to accomplish that. We had also notified the developer of that problem and they prepared a fix the next day. The fix has yet to be released, though.

That sort of problem makes having accurate data about vulnerabilities in WordPress plugins important. That often isn’t what you get from data providers. Take WPScan, which markets itself on its homepage as being “like having your own team of WordPress security experts.” On January 20, they told their customers about this vulnerability and said it was a high severity vulnerability. The big problem with their information is that they said it was fixed: