Per Soderlind recently alerted me to a rather important security issue regarding plugins hosted outside of WordPress.org. All WordPress.org hosted plugins receive plugin updates from WordPress.org. Commercial plugins often add scripts to provide plugin updates from other sources*, but the vast majority of plugins simply go without […]