Register to share, discuss and vote for the best WordPress stories every day, find new ideas
and inspiration for your business and network with other members of the WordPress community.
Join the #1 WordPress news community!
Looks like another plugin has gone down. This time due to a XSS vulnerability.
The "unnamed security researcher" referred to in that is actually us, www.pluginvulnerabilities.com/2017/06/29/reflected-cross-site-scripting-xss-vulnerability-in-postman-smtp/. Wordfence didn't want people to know that we discovered the vulnerability for some reason.
Wordfence is also avoiding getting behind or even mentioning an effort to get WordPress to start alerting people directly when plugins are removed from the Plugin Directory and telling them why the plugins have been removed, wordpress.org/ideas/topic/alert-when-installed-plugins-have-been-removed-from-the-plugin-directory.
ManageWP.org uses your existing social media account to create/access your profile. We will never post to your social profile.