Far too frequently hackers find unfixed vulnerabilities in WordPress plugins and start exploiting them. Those zero-day vulnerabilities are something that we want to make sure we are warning our customers about.

Through monitoring we do, we often detect evidence of hackers targeting plugins, which allows us to warn our customers about unfixed vulnerabilities we then find that hackers might be targeting (here is one recent example of that). In more limited circumstances, we see exploitation attempts of zero-day vulnerabilities in WordPress plugin.

What we have found based on our interactions with web hosts is that they are often the first to detect those zero-day vulnerabilities being exploited, which is information we are interested in having more of, so that we can better serve our customers. The problem is there hasn’t been a good mechanism for web hosts and security providers to share this information. So we have created a mailing list for just that. Any web hosts or other security providers that have a proven ability to provide information on those zero-day in WordPress plugins vulnerabilities is welcome to join. When we or one of the other partners detects such situation, we then pass along the information to the rest of the partners.

To discuss joining, get in touch with us.