Login

Tag Archives: Oliver Sild

16 Jan 2024

Wordfence Didn’t Make Sure Vulnerability in WooCommerce Had Been Fixed (Or That It Even Existed)

Late last week, Wordfence created a mess by claiming there was an unfixed vulnerability in WooCommerce. What that situation showed is they are not doing the work that people clearly believe they are doing. That includes not checking if vulnerabilities have actually been fixed or if they even existed, before widely making claims about supposed vulnerabilities. We will get in to more detail about that in a few moments, but first we will take a look at a couple of other recent examples, which show that wasn’t a one-off fluke.

We should note at the outset that the CEO of Wordfence, Mark Maunder, recently claimed their “data is impeccable” when we brought up the well-known problems with it. [Read more]

29 Nov 2021

WP Tavern’s Justin Tadlock Won’t Address Lack of Due Diligence With False Claims from Patchstack

Earlier this year we ran across claims from the web security company Patchstack that a bug bounty program they were running, which they were misleadingly market as a “red team”, was finding an extraordinary amount of vulnerabilities in WordPress plugins.

In May, for example, they claimed that there were 292 vulnerabilities found and that one of the submitter found 149 vulnerabilities and another found 101 vulnerabilities. Both the total and individual numbers sounded hard to believe based on our experience, both collecting up data on vulnerabilities in WordPress plugins and discovering vulnerabilities. [Read more]