One way we help to improve the security of WordPress plugins, not just for our customers of our service, but for everyone using them, is our proactive monitoring of changes made to plugins in the Plugin Directory to try to catch serious vulnerabilities. Through that, we caught one of those vulnerabilities, an authenticated option update vulnerability, in the plugin WP Leads Builder For Any CRM.

Through the same monitoring, we identified the same type of vulnerability in another of the developer’s plugins three weeks ago. We put out an advisory on the developer due to continued poor handling of security over five years ago. [Read more]