FROM THREATPRESS:
Ten WordPress Plugins By Multidots For WooCommerce Identified As Vulnerable And Dangerous
May 31, 2018 WooCommerce Security, WordPress Security
Recently our research team found serious security issues in ten WordPress plugins developed by the same vendor – MULTIDOTS Inc. company. All vulnerable plugins designed to work alongside with WooCommerce so there is a real threat to all online stores powered by WooCommerce and one of these plugins.
All these WordPress plugins were available on WordPress.org plugin repository and all of them were highly dangerous.
ThreatPress research team notified MULTIDOTS Inc. about security issues on 2018-05-08. We received a clear response that they do understand the problem. We were waiting for information about updates of these plugins, but it took too long and there were no clear answers from the vendor about the expected update release date. After a few weeks the plugins were not patched.
We decided to report this situation to the WordPress plugin repository security team. All WordPress plugins listed above were closed on May 23, 2018 and are no longer available for download.