The description of the plugin Companion Auto Update, which has 30,000+ active installations according to wordpress.org, starts with the message:
KEEP YOUR WEBSITE SAFE! [Read more]
If you want the best information and therefore best protection against vulnerabilities in WordPress plugins we provide you that through our service.
Here is what we did to keep those are already using our service secure from WordPress plugin vulnerabilities during February (and what you have been missing out on if you haven’t signed up yet): [Read more]
If you want the best information and therefore best protection against vulnerabilities in WordPress plugins we provide you that through our service.
Here is what we did to keep those are already using our service secure from WordPress plugin vulnerabilities during June (and what you have been missing out on if you haven’t signed up yet): [Read more]
We recently found that the plugin Companion Auto Update contained a cross-site request forgery (CSRF)/cross-site scripting (XSS) vulnerability with the plugin’s settings.
The CSRF portion is caused by a lack of a nonce being included with a request to change the plugin’s settings and a lack of check that valid one is included when doing the saving. [Read more]