Plugin Vulnerabilities
pluginvulns.bsky.social
Provider of service to protect websites from being exploited due to vulnerable WordPress plugins. https://www.pluginvulnerabilities.com/
Perhaps you could explain to your members that they shouldn't lie about the CRA as an excuse to withhold security vulnerability information from the open source WordPress project. Which is putting millions of websites at unnecessary risk of security issues.
Security vulnerability
Security vulnerability Resolved Artan (@artankrasniqi1988) 4 days, 9 hours ago Hi, wordfence reported a high level vulnerability: Had to uninstall the plugin for now. Hope a fix comes so I can reac…
wordpress.org
May 30, 2025 at 8:57 PM
Also worth re-upping is that Five for the Future pledges are in general highly suspect.

It is one of the many things that are in need of reform with WordPress.
A Month On, a Glaring Problem With Five for the Future Pledges Hasn’t Been Addressed
www.pluginvulnerabilities.com
May 30, 2025 at 8:25 PM
The unfixed vulnerability that support forum discussion is about is something we posted was likely being targeted by a hacker last week.
WordPress Hasn’t Addressed Hacker Targeted Plugin With 100,000+ Installs That Has Unfixed “Critical” Vulnerability
www.pluginvulnerabilities.com
May 27, 2025 at 10:20 PM
Are you going to cover how Patchstack is refusing to provide WordPress with information needed to properly handle vulnerable plugins? This is leading to websites remaining vulnerable to easily fixed vulnerabilities.
Security vulnerability
Security vulnerability Resolved Artan (@artankrasniqi1988) 1 day, 10 hours ago Hi, wordfence reported a high level vulnerability: Had to uninstall the plugin for now. Hope a fix comes so I can reac…
wordpress.org
May 27, 2025 at 10:20 PM
Patchstack are claiming the EU Cyber Resilience Act (CRA) requires this.

It isn't the first time they have lied about that act.
Patchstack’s Vulnerability Disclosure Program (VDP) Goes Against Important Requirements of EU’s Cyber Resilience Act
www.pluginvulnerabilities.com
May 27, 2025 at 9:33 PM
The US Government through their funding of CVE is also supporting this.
May 27, 2025 at 9:33 PM
Joost de Valk (@joost.blog) is funding what is basically a man-in-the-middle (MiTM) attack against WordPress.
Patchstack Secures $5M in Series A Funding
Patchstack, a leading WordPress security company, recently raised $5 million in its Series A funding round. The funding round was led by Karma Ventures, G+D Ventures, and Emilia Capital, an investm…
wptavern.com
May 27, 2025 at 9:33 PM
We provided our customers with the details of the vulnerability last week.
Wordfence Missed That Authenticated Persistent XSS Vulnerability in 2+ Million Install MC4WP: Mailchimp for WordPress Wasn’t Fixed
www.pluginvulnerabilities.com
May 27, 2025 at 8:48 PM
Is anyone keeping track of incident reports that haven't even received a response?

We still haven't received a response for one we filed in January of last year. It involved, among other things, returning a known vulnerable plugin to the plugin directory.
May 27, 2025 at 5:39 PM
Patchstack claimed today that over 100,000 websites are affected, but as we noted last week, it is significantly less than that.
WordPress Hasn’t Addressed Hacker Targeted Plugin With 100,000+ Installs That Has Unfixed “Critical” Vulnerability
www.pluginvulnerabilities.com
May 27, 2025 at 5:24 PM
In other areas the team are still failing pretty badly. A situation like this one shouldn't happen. We have offered for years to provide fixes to stop this sort of thing from happening, and yet it keeps happening. 2/2
WordPress Hasn’t Addressed Hacker Targeted Plugin With 100,000+ Installs That Has Unfixed “Critical” Vulnerability
www.pluginvulnerabilities.com
May 27, 2025 at 5:12 PM
As we said in a comment we just left on the post, it is great that automated testing finally got implemented, as it has addressed a lot of issues that should have been caught for a long time.

But there still look to be significant problems with the review process, like this. 1/2
WordPress Plugin Submission Review Seems to Have Failed Badly With ConvertPro
www.pluginvulnerabilities.com
May 27, 2025 at 5:12 PM