If you want the best information and therefore best protection against vulnerabilities in WordPress plugins we provide you that through our service.
Here is what we did to keep those are already using our service secure from WordPress plugin vulnerabilities during July (and what you have been missing out on if you haven’t signed up yet): [Read more]
Last month we were trying to get an idea of how effective it would be to try to proactively catch some vulnerabilities when changes are made to WordPress plugins that include those vulnerabilities. In doing one of the preliminary checks we came across a reflected cross-site scripting (XSS) vulnerability that exists in the plugin Contact Form 7 International Sms Integration.
On line 366 of the file /includes/admin/class-sms-log-display.php the value of GET or POST input “page” is output without being escaped: [Read more]