As part of our keeping track of the possible closure of popular WordPress plugins due to security vulnerabilities, so that we can warn customers of our service ahead of hacker exploiting vulnerabilities those closures might shine a light on, we were notified that the plugin Analytics Code Integration (Analytics), which has 30,000+ installs, was closed today. No reason has been given for the closure. There was a claim 8 months ago that there were security issues in the plugin and the plugin hasn’t been updated since that occurred. In quickly looking over the plugin we found a very minor vulnerability, what we refer to as an Internet Explorer reflected cross-site scripting (XSS) vulnerability.

In the files /notice_pro_get.php and /pro_get.php the following line of code exist in a couple of locations: [Read more]