WordPress Plugin Review Team Security Reviewer Chris Christoff is Failing to Address Vulnerabilities in Awesome Motive’s Plugins
Last week we released an advisory warning people to avoid plugins from Awesome Motive due to repeated inability or unwillingness to fully fix security issues and vulnerabilities in their plugins. One striking aspect of that failure is that Awesome Motive has a chief security officer. How can you have such bad security in that situation? One explanation would be that someone unqualified was simply given that title. We have seen plenty of instances over the years of just such a situation in the security space. A problem with that explanation is that the CSO, Chris Christoff, is the Security Reviewer on the WordPress Plugin Review Team. We don’t know what he actually does on that team, but the team has throughout his tenure shown a lack of ability to properly review the security of plugins (something we tried unsuccessfully to address with Awesome Motive).
After releasing that advisory, we needed to compile a list of all of Awesome Motive’s plugins so that we could add a warning for them to the various ways our advisory data is distributed. That isn’t exactly easy, as Awesome Motive is notably not upfront on the WordPress Plugin Directory about which plugins are theirs. The team that runs the directory, the previously mentioned WordPress Plugin Review Team, could address that, but hasn’t.
In the process of collecting up the plugins, we found that four plugins associated with them (BuddyPress Global Search, Product Importer for WooCommerce, SimpleMap Store Locator, and WordPress Notification Bar) have been closed for security issues. Two additional plugins (Jigoshop – Store Exporter and Jigoshop – Store Toolkit) have recently been closed without an explanation given, but based on the timing of the closure and recent claims of a vulnerability in each, they appear to be closed for the same reason.
It doesn’t seem too much to expect that a plugin provider that touts how financially successful they are would fix security vulnerabilities in their plugins. Similarly, Chris Christoff touts his great life on his website.
Awesome Motive and Chris Christoff also claim on their homepages that they are helping small businesses compete with the big guys, which hardly aligns with opening up small businesses’ websites to being hacked.