Two WordPress Plugin Authors Issue Bug Fixes

Two different WordPress plugins have caused a few headaches this week. Hackers reportedly exploited an old vulnerability found in the WordPress plugin WP Cost Estimation & Payment Forms Builder, according to Wordfence. A second and critical vulnerability was also found in the Simple Social Buttons plugin, according to WebARX. The flaw in the WP Cost Estimation plugin, which is present in all versions prior to 9.660, has been fixed. Wordfence wrote in a February 13 blog post that any sites using the plugin are encouraged to update to the latest version. “Developers of plugins and themes are incentivized to develop a product that sells. Few such developers are incentivized to build security and privacy into the development cycle, especially when product lifecycles are brief,” said Mike Bittner, digital security and operations manager at The Media Trust. “Companies that hire them too often think of security and privacy testing as an expense rather than an investment in the business's long-term success; it's also possible these businesses are more interested in making a quick buck than longevity.”