WordPress security advisories, audit and assurance

We undertake a significant quantity of assurance work, to ensure that the sites we build and the plugins they rely on are secure. We publish information about that work on this site.

What we do

Plugins inspections and reviews

To make sure that the sites we build and the plugins they rely on are secure we regularly carry out plugin reviews and publish our findings.

Advisories

We share the results of the assurance work we undertake. We publish advisories about security vulnerabilities we identify with suggested steps you can take to mitigate them.

Recent plugin recommendations

PublishPress Revisions: Duplicate Posts, Submit, Approve and Schedule Content Changes September 10, 2024

3.5.11 - No issues found

Members – Membership & User Role Editor Plugin September 2, 2024

3.2.9 - Use with caution

Loco Translate August 6, 2024

2.6.11 - Use with caution

Rank Math SEO – AI SEO Tools to Dominate SEO Rankings August 1, 2024

1.0.224 - Use with caution

PDF Embedder July 11, 2024

4.8.2 - No issues found

All plugin recommendations

Recent advisories

CSRF in MapSVG Lite could allow an attacker to do almost anything an admin can January 8, 2019

Severity: Medium

ACE via file inclusion in Redirection allows admins to execute any PHP file in the filesystem June 12, 2018

Severity: High

CSRF in Tooltipy (tooltips for WP) could allow anybody to duplicate posts June 12, 2018

Severity: Medium

Reflected XSS in Tooltipy (tooltips for WP) could allow anybody to do almost anything an admin can June 12, 2018

Severity: Medium

Unserialization vulnerability in Redirection could allow admin to execute arbitrary code in some circumstances June 6, 2018

Severity: High

All advisories