[wp-hackers] Critical WP Flaw?
Denis de Bernardy
denis at semiologic.com
Thu Jul 27 08:45:34 GMT 2006
Ryan said:
> > 2) _Official_ threat level, just how serious is it?
>
> If plugins don't check caps, it can be very serious.
>
> > 3) Possible fix dates
>
> Up to plugin authors.

I now end up wondering whether I should fix my own plugins or not...

I check user levels, not caps. And I rely on WP to check this for me, via
the admin interface's built-in protections. This is what most plugin authors
do, as far as I can tell. If doing this is wrong, we've got a huge number of
plugins in need of fixing. Or a huge WordPress workflow error.

Anyway... without any information, how should I or any other plugin author
guess if anything needs to be fixed, and what needs to be fixed?

Denis