[wp-hackers] notification of insecure plugins?
Peter Westwood
peter.westwood at ftwr.co.uk
Thu Nov 18 21:48:59 UTC 2010
On 18 Nov 2010, at 21:10, Otto wrote:
> Also, if a plugin has a known security problem and the original author
> has abandoned it or is no longer interested in updating it or is
> totally unreachable or what have you, and somebody is interested in
> taking it over and patching it, then we can grant commit access to it
> and allow it to be updated and maintained by somebody else.
>
> This is a special case circumstance, but it is better to have actively
> maintained plugins than to have old insecure plugins sitting around in
> the repository.
Also if you can't get a quick response or can't work out how to get in contact with the plugin author please report the security issue to the core security alias and we can try and ensure it gets resolved.
Cheers
--
Peter Westwood
http://blog.ftwr.co.uk | http://westi.wordpress.com
C53C F8FC 8796 8508 88D6 C950 54F4 5DCD A834 01C5
More information about the wp-hackers
mailing list