Late last week, Wordfence created a mess by claiming there was an unfixed vulnerability in WooCommerce. What that situation showed is they are not doing the work that people clearly believe they are doing. That includes not checking if vulnerabilities Continue reading Wordfence Didn’t Make Sure Vulnerability in WooCommerce Had Been Fixed (Or That It Even Existed)
Recently, the CEO of the WordPress security provider Wordfence, Mark Maunder, was criticizing a competitor over a bug bounty program that caused cross-site request forgery (CSRF) vulnerabilities to be found, while he was promoting Wordfence’s own bug bounty program. He Continue reading Wordfence Call CSRF Vulnerabilities “Low Risk” While Criticizing Competitor After Previously Calling Them “High Severity”
A basic rule of security is that if you know a lot, you don’t know much. Those knowledgeable about security try to be careful about what they say, as they realize they might not know everything. A lot of WordPress Continue reading Inaccurate Claims About Security Impact of Changing WordPress Database Prefix Highlighted With Exploited Zero Day