[wp-hackers] Critical WP Flaw?

Denis de Bernardy denis at semiologic.com
Thu Jul 27 08:45:34 GMT 2006


Ryan said:

> > 2) _Official_ threat level, just how serious is it?
> 
> If plugins don't check caps, it can be very serious.
> 
> > 3) Possible fix dates
> 
> Up to plugin authors.

I now end up wondering whether I should fix my own plugins or not...

I check user levels, not caps. And I rely on WP to check this for me, via
the admin interface's built-in protections. This is what most plugin authors
do, as far as I can tell. If doing this is wrong, we've got a huge number of
plugins in need of fixing. Or a huge WordPress workflow error.

Anyway... without any information, how should I or any other plugin author
guess if anything needs to be fixed, and what needs to be fixed?

Denis


