Patchstack has reported 404 plugins to the WordPress Plugin Review Team.
"This situation creates a significant risk for the WordPress community, and we decided to take action," Patchstack's Darius Sveikauskas said.
Ordinarily, reporting plugins to WordPress.org is a last resort for challenging cases in which Patchstack fails to find a way to contact the vendors.
Patchstack has characterized the situation as a "zombie plugins" pandemic because of the number of abandoned plugins, which together affect more than 1.6 million sites.
The WordPress.org Plugins Team has acted on the report by closing more plugins. The team has also added six new sponsored volunteers and opened applications for more team members, as it has struggled to manage the backlog of plugins waiting to be reviewed.
Adding plugin vulnerability issues to that backlog lengthens how long developers have to wait to get new plugins reviewed.
As of August 31, 2023, the figures reported to WordPress.org were:
- 404 vulnerabilities
- 358 plugins affected
- 289 plugins closed
- 109 plugins patched
- 6 plugins neither closed nor patched
To streamline security issue management, the company has created the Patchstack mVDP (managed Vulnerability Disclosure Program) project.
Patchstack validates the reports that come through, rewards the researchers, and passes the reports to the vendor to be addressed.
The company is also advocating for a dashboard alert, since WordPress does not currently show users this information.