Closures of Very Popular WordPress Plugins, Week of January 11
While we are already far ahead of other companies in keeping up with vulnerabilities in WordPress plugins (amazingly, that isn’t an exaggeration), in looking into how we could get even better we noticed that in a recent instance where a vulnerability was exploited in a plugin, we probably could have warned our customers about the vulnerability even sooner if we had looked at the plugin when it was first closed on the Plugin Directory instead of when the vulnerability was fixed (though as far as we are aware the exploitation started after we had warned our customers of the fix). So we are now monitoring to see if any of the 1,000 most popular plugins are closed on the Plugin Directory and then checking whether it looks like the closure was due to a vulnerability.
This week four of these plugins were closed and two have been reopened.
Ad Inserter
Ad Inserter, which has 200,000+ installations, was closed on Monday. According to the developer it was not closed due to a violation of the plugin guidelines.
In looking over the plugin we didn’t find any obvious security issues and the changes made to the plugin between its removal and return don’t look security related.
It was reopened on Tuesday.
KingComposer
KingComposer, which has 80,000+ installations, was closed on Monday. That was due to a vulnerability we disclosed the same day (strangely, another plugin with the same number of installs and the same vulnerability, disclosed in the same post, was not closed and remains vulnerable). The developer didn’t give an accurate answer when asked why it was closed, stating:
Currently the plugin KingComposer is showing some errors that need to be fixed, so we have to close the download to perform error correction.
They wouldn’t have been the ones that closed it, and fixing the vulnerability wouldn’t have required them to close it, just to release a new version that fixes the issue. That seems like a good reason for WordPress to provide people with accurate information on why plugins have been removed.
It was reopened on Tuesday.
Storefront Product Pagination
Storefront Product Pagination, which has 40,000+ installs, was closed on Thursday. The developer removed the plugin from the Plugin Directory.
In looking over the plugin we didn’t find any obvious security issues.
Storefront Sticky Add to Cart
Storefront Sticky Add to Cart, which has 50,000+ installs, was closed on Thursday. The developer removed the plugin from the Plugin Directory.
In looking over the plugin we didn’t find any obvious security issues.