One of the little understood realities of security issues with WordPress plugins is that the insecurity of them is not evenly spread across those plugins. Instead, many developers are properly securing their plugins and others get them properly secured when alerted they haven’t done that, while other plugin developers either are unable or unwilling to properly secure their plugins. With the latter group, among the issues we have seen, are developers who have introduced new serious vulnerabilities that are substantially similar to vulnerabilities that they know have been exploited in their plugins.

In situations where we become aware of developers who have shown that inability or unwillingness to properly secure their plugin(s), we are releasing advisories to warn customers of our service and the wider WordPress community of the risk of utilizing those developers’ plugins.

In addition to checking those posts on our website for information on those advisories, we provide access to the information in several other forms.

You can get warned about plugins subject to an advisory with the companion plugin for our service, even when not using the service.

You can also see the advisories displayed on the listing for the relevant plugins on the WordPress Plugin Directory website with our web browser extension for Chrome. If you would like it available for another web browser, please contact us.

The data on the advisories can be accessed separately in JSON format. If you would like it available in an additional format, please contact us.

If you are aware of a developer that we haven’t warned about, but should, please contact us about that.