13 Nov 2024

WP Engine Failed to Vet Security of Plugin Acquired This Year or Fix Vulnerability in It Once It Was Reported to Them

When it comes to whether Matt Mullenweg or WP Engine are the bad guys in the recent, the reality is that they both have played a decidedly harmful role in the security of WordPress plugins. Sometimes that comes from them working together. Last year, we noted that WP Engine was falsely claiming that a popular WordPress plugin contained a security vulnerability. That was caused by them using a known unreliable source of vulnerability data, WPScan. Incredibly, WP Engine’s VP of security admitted earlier in the year that they haven’t done due diligence with WPScan’s data:

We know that there are other options out there, but given the sense of completeness and alerts for ALL relevant plugins, we never had a need to go crosscheck WPScan against anyone else.

22 Oct 2024

What WordPress Plugins Are No Longer Receiving Updates Through the WordPress Plugin Directory?

As part of the mess going on with WordPress, plugin developers are choosing or being forced to provide updates for their plugins outside of the WordPress Plugin Directory. This creates a big security headache. To help address this, we are compiling information on impacted plugins. You can help by letting us know of additional plugins that are impacted, by either leaving a comment below or contacting us.

The information is also available in a machine-readable format so that software can automate checking for impacted plugins. We currently have it available in JSON format. If other formats are needed, we can provide it in those as well.