Plugins inspections and reviews
To make sure that the sites we build and the plugins they rely on are secure we regularly carry out plugin reviews and publish our findings.
WordPress security advisories, audit and assurance
We undertake a significant quantity of assurance work, to ensure that the sites we build and the plugins they rely on are secure. We publish information about that work on this site.
Recent plugin recommendations
ACF YouTube Picker
Search and select videos on YouTube without leaving the page.
3.1.0 - Use with caution
External Links – nofollow, noopener & new window
Manage all external & internal links on your site. Control icons, nofollow, noopener, ugc (User Generated Content), sponsored and if links open in new window or new tab.
2.63 - Use with caution
Disable Embeds
Prevents WordPress oEmbed functionality, stops external embedding of your content, and removes related JavaScript (wp-embed.min.js) to improve site performance.
1.5.0 - No issues found
MailPoet – Newsletters, Email Marketing, and Automation
Use MailPoet to create, send, manage, and grow your email marketing campaigns – all without leaving your WordPress dashboard.
5.12.11 - Use with caution
Social Integration for BlueSky
An option is available for syndication of posts for BlueSky Social.
1.4.4 - No issues found
Recent advisories
CSRF in MapSVG Lite could allow an attacker to do almost anything an admin can
Severity: Medium
ACE via file inclusion in Redirection allows admins to execute any PHP file in the filesystem
Severity: High
CSRF in Tooltipy (tooltips for WP) could allow anybody to duplicate posts
Severity: Medium
Reflected XSS in Tooltipy (tooltips for WP) could allow anybody to do almost anything an admin can
Severity: Medium
Unserialization vulnerability in Redirection could allow admin to execute arbitrary code in some circumstances
Severity: High