WordPress-Simple-History icon indicating copy to clipboard operation
WordPress-Simple-History copied to clipboard

Published 20 hours ago verified publisher icon bonny

Detect when a plugin auto-updates because of a security issue

Open bonny opened this issue 2 years ago • 0 comments

As an example Ninja Forms was auto-updated today with message Updated plugin "Ninja Forms" to version 3.6.11 from 3.6.9.

I think that plugin was auto-updated due to a security issue with the plugin, but that's not possible to see in the log at the moment. (Other users also was surprised by the auto-update.)

Related:

  • https://developer.wordpress.org/plugins/wordpress-org/plugin-security/#automatic-plugin-security-updates

Possible ways to detect:

  • plugin was updated during doing_cron but plugin was not set to be auto-updated
  • one of the parent filters was wp_maybe_auto_update
CleanShot 2022-06-15 at 20 43 21@2x

bonny avatar Jun 15 '22 18:06 bonny