In October 2024, our usual bug bounty hunt resulted in receiving 1570 valid reports and closing almost 1000 plugins from the official WordPress repository. This huge number looks scary and seems once again to prove the fact that WordPress ecosystem security is poor. But is it? Let’s dive deeper into how it all happened, what were the consequences, and what we can learn from this.

Presentation Slides »