Important Note: If you need to keep track of the vulnerabilities in WordPress plugins on hundreds of websites or less, then our main service is a much better option as it automatically checks if the websites are using known vulnerable plugins as frequently as every hour and when there is a vulnerable plugin on your website(s) you get an email alert, while costing a fraction of the cost this email newsletter service. We also provide much more complete information on vulnerabilities in plugins being used by customers of that service that we do other plugins.

Also, any web hosts or other security providers that have a proven ability to provide information on those zero-day in WordPress plugins vulnerabilities is welcome to join our
WordPress plugin zero-day vulnerability exploitation info sharing partnership for free access to information on those.

 

With our daily newsletter service, every day that we have added new WordPress plugin vulnerabilities to our data set we send you an email with the details on them. In addition to the daily email, any time we come across a new vulnerability that is being exploited we will send you an email as soon as we have confirmed the vulnerability.

The emails are sent out approximately 5pm Mountain time each day, seven days a week.

Here is an example of the newsletter and what information is included in it:

While there are other data sources available, they don’t come close to providing the quality and breadth of data we provide. That is due to us:

• Actually discovering a lot of the vulnerabilities being found in addition to collecting data on vulnerabilities discovered by others, which despite our then publicly disclosing them, other data sources are often missing them.
• Monitoring sources of information that others don’t.
• Monitoring changes made to plugins, so that we can often determine what vulnerabilities have been fixed before the vulnerability has been disclosed by the discoverer (assuming they even ever disclose it).
• Actually confirming and validating each reported vulnerability, so that you are not getting information on false reports and you are not told that vulnerabilities have been fixed when it hasn’t. This is something that at least one other security company thinks is so valuable they lie about having access to such data.
• Providing an estimate of likelihood of exploitation based on years of experience dealing with hacked websites, so you understand what vulnerabilities are of the most concern.

The subscription also provides you with:

• Support. If you have a question about one of the vulnerabilities disclosed, we can provide you with an answer from someone who is familiar with the vulnerability.
• Access to our vulnerability details posts, which detail vulnerabilities that that have been disclosed by others without the details being released.
• The ability to suggest/vote for plugins in the WordPress Plugin Directory to receive a security review from us after your free trial of the service has ended.
• A free security review of a plugin or theme each month after your free trial of the service has ended.
• Access to ability to see the details of issues identified by our Plugin Security Checker and the ability to check custom plugins through that.