[wp-hackers] XSRF - announcement ! / Plugin WP

William Davis will.davis at gmail.com
Thu Dec 23 16:34:49 UTC 2010

This is a problem with a plugin, not with the WordPress core, so the  
plugin author should be contacted.

But, as Andrew Nacin has said before on the WP-Hackers list, security  
vulnerabilities should be reported to security at wordpress.org, never to  
the general public.


On Dec 23, 2010, at 8:51 AM, MASOKIS wrote:

> Hi.... check this out, (sorry written in malaysia language, use google
> translater..it's work)
> http://bit.my/L1yQ
> It about attack XSRF ( cross site request forgery ) for wp plugin,
> i already report to wp community but no feedback.. maybe not notified
> check here
> http://wordpress.org/support/topic/plugin-announcement-and-vertical-scroll-news-xsrf-vulnerable-attack
> i also inform to plugin developer.. but my msg maybe go to spambox...
> urmm...
> /hi.. today is my1st join this mailing list.. and this was 1st msg ,  
> greetz
> to all wp-hackers :)
> -- 
> _______________________________________________
> wp-hackers mailing list
> wp-hackers at lists.automattic.com
> http://lists.automattic.com/mailman/listinfo/wp-hackers

More information about the wp-hackers mailing list