WordPress security advisories, audit and assurance

We undertake a significant quantity of assurance work, to ensure that the sites we build and the plugins they rely on are secure. We publish information about that work on this site.

What we do

Plugins inspections and reviews

To make sure that the sites we build and the plugins they rely on are secure we regularly carry out plugin reviews and publish our findings.

Advisories

We share the results of the assurance work we undertake. We publish advisories about security vulnerabilities we identify with suggested steps you can take to mitigate them.

Recent plugin recommendations

Simply Static April 11, 2024

3.1.6.3 - Use with caution

Oasis Workflow April 8, 2024

6.4 - Use with caution

Simple History – user activity log, audit tool March 15, 2024

4.12.0 - Use with caution

Simple Download Counter November 17, 2023

1.7 - No issues found

GD Security Headers November 16, 2023

1.7.1 - Use with caution

All plugin recommendations

Recent advisories

CSRF in MapSVG Lite could allow an attacker to do almost anything an admin can January 8, 2019

Severity: Medium

ACE via file inclusion in Redirection allows admins to execute any PHP file in the filesystem June 12, 2018

Severity: High

CSRF in Tooltipy (tooltips for WP) could allow anybody to duplicate posts June 12, 2018

Severity: Medium

Reflected XSS in Tooltipy (tooltips for WP) could allow anybody to do almost anything an admin can June 12, 2018

Severity: Medium

Unserialization vulnerability in Redirection could allow admin to execute arbitrary code in some circumstances June 6, 2018

Severity: High

All advisories