Not Really a WordPress Plugin Vulnerability – Page 2

Not Really a WordPress Plugin Vulnerability, Week of March 31

Posted on 31 March 2023 by

In reviewing reports of vulnerabilities in WordPress plugins to provide our customers with the best data on vulnerabilities in plugins they use, we often find that there are reports for things that don’t appear to be vulnerabilities. For more problematic Continue reading Not Really a WordPress Plugin Vulnerability, Week of March 31→

Not Really a WordPress Plugin Vulnerability, Week of March 17

Posted on 17 March 2023 by

Not Really a WordPress Plugin Vulnerability, Week of March 10

Posted on 10 March 2023 by

Not Really a WordPress Plugin Vulnerability, Week of February 17

Posted on 17 February 2023 by

Not Really a WordPress Plugin Vulnerability, Week of February 3

Posted on 3 February 2023 by

Not Really a WordPress Plugin Vulnerability, Week of January 27

Posted on 27 January 2023 by

Not Really a WordPress Plugin Vulnerability, Week of January 20

Posted on 20 January 2023 by

Not Really a WordPress Plugin Vulnerability, Week of January 13

Posted on 13 January 2023 by

Not Really a WordPress Plugin Vulnerability, Week of January 6

Posted on 6 January 2023 by

Not Really a WordPress Plugin Vulnerability, Week of December 9

Posted on 9 December 2022 by

Patchstack Claimed to Provide “Early Alert and Protection” From “Vulnerabilities” Where Attacker Would Already Have Control of Website

Posted on 5 December 2022 by

Last week, we noted that the WordPress security provider Patchstack’s new “early alerts and protection” from plugin vulnerabilities involved them being weeks behind offering protection that keeping plugins updated would have provided and failing to offer that for a vulnerability Continue reading Patchstack Claimed to Provide “Early Alert and Protection” From “Vulnerabilities” Where Attacker Would Already Have Control of Website→

Not Really a WordPress Plugin Vulnerability, Week of November 25

Posted on 25 November 2022 by

VulDB’s Alarmism on Display With False Claim of “Critical” Vulnerability in WordPress Plugin Activity Log

Posted on 15 November 2022 by

Earlier today someone posted on the support forum for the 200,000+ active install WordPress plugin Activity Log with the subject “Critical Exploit: Disable plugin Immediately!” and wrote this: As reposted by CISA and NIST, NVD this plugin has a critical Continue reading VulDB’s Alarmism on Display With False Claim of “Critical” Vulnerability in WordPress Plugin Activity Log→

Search Engine Journal’s Roger Montti Spreads Patchstack’s Misinformation About the Security of WooCommerce Plugin

Posted on 14 November 2022 by

A frequent source of news media misinformation on vulnerabilities in WordPress plugins is someone named Roger Montti, who writes for the Search Engine Journal. Why someone that describes themselves as a “search marketer” writing for a news outlet unrelated to Continue reading Search Engine Journal’s Roger Montti Spreads Patchstack’s Misinformation About the Security of WooCommerce Plugin→

Not Really a WordPress Plugin Vulnerability, Week of November 11

Posted on 11 November 2022 by

CVE Numbering Authority VulDB Falsely Claimed That 800,000+ Install WordPress Plugin Contained Vulnerability

Posted on 4 November 2022 by

Yesterday, a topic was created on the WordPress Support Forum about a claimed vulnerability in the WordPress plugin The Events Calendar with the message: VulDB published an advisory concerning a vulnerability in The Events Calendar plugin, at https://vuldb.com/?id.212632. [Read more] Continue reading CVE Numbering Authority VulDB Falsely Claimed That 800,000+ Install WordPress Plugin Contained Vulnerability→

Not Really a WordPress Plugin Vulnerability, Week of October 28

Posted on 28 October 2022 by

Wordfence Claimed That 300,000+ WordPress Sites Contained a “Critical” Security Vulnerability, It Wasn’t True

Posted on 21 October 2022 by

On Monday, a report was posted on Packet Storm claiming that the latest version of the WordPress plugin Photo Gallery by 10Web, 1.8.0, had a reflected cross-site scripting (XSS) vulnerability. That type of vulnerability isn’t a major issue and isn’t Continue reading Wordfence Claimed That 300,000+ WordPress Sites Contained a “Critical” Security Vulnerability, It Wasn’t True→

Not Really a WordPress Plugin Vulnerability, Week of October 14

Posted on 14 October 2022 by

Automattic’s WPScan Still Isn’t Verifying Claimed Vulnerabilities Despite Stating Otherwise

Posted on 13 October 2022 by

Automattic’s WPScan recently claimed there was an admin+ arbitrary file access vulnerability in WPForms Lite. The entry claimed they had verified the vulnerability: [Read more] ShareTweetSharePostSharePin It!