Support » Plugin: Plugin Vulnerabilities » Used to be helpful, now…not so much

  • This used to be a handy plugin. Unfortunately the author is quite narrow-minded and rejects the work other security experts are doing. Security professionals need to work together more, and not have such a “me” vs “you” attitude…there is room for all, and we’re all on the same side here.

    The WPScan Vulnerability Database is a valuable resource for WordPress users and developers, but the author has nothing but negative things to say about them, presumably since they do “competing” work. (Even though they are in completely different leagues – WPScan’s resources are far more robust.)

    This plugin is less useful than it could be because the vulns are hard-coded into the plugin, and not updated dynamically using an API. Also, the updates are very passive, so it doesn’t warn the user proactively. The only way a plugin like this could be helpful is to be proactive.

    The plugin’s page is located in the wrong place in the Dashboard — it’s under “Plugins”, but should really be under “Tools” or “Settings”. We pointed this out a while back, and got a snappy response back. So much for trying to help.

    The author considers the WordPress update API insecure and a privacy risk, which is a bit laughable. We always advocate hardening WordPress, but there actually is such a thing as paranoia.

    So unfortunately, we have to downgrade our rating.

  • The topic ‘Used to be helpful, now…not so much’ is closed to new replies.