[wp-hackers] CSRF vulnerability in WP HTML Sitemap 1.2 (WordPress plugin)
Chris Christoff
hello at chriscct7.com
Fri Mar 28 16:45:52 UTC 2014
-----------------------------------------------------------
## Chris replied, on Mar 28 @ 12:45pm (AMT):
I agree. Make a separate mailing list so those interested can opt in.
Not force existing mailing list subscribers to have to set up Gmail filters
to delete these posts.
--
Chris Christoff
hello at chriscct7.com
http://www.chriscct7.com
@chriscct7
If you feel the need to donate, as a college student, I appreciate
donations of any amount. The easiest way to donate to my college fund
is via the donation button at the bottom of my
homepage: http://chriscct7.com/
-----------------------------------------------------------
## wp-hackers at lists.automattic.com replied, on Mar 28 @ 12:43pm (AMT):
<johnbillion+wp at gmail.com> wrote:
>
> > Anyone else agree? Who'd join such a list?
> >
> > I'll keep a tally on that too.
> >
> > Though I am a bit surprised at the respondents here who *don't* want to
> > know about vulnerable plugins they may be running...
>
>
> I think a separate mailing list would be a better idea than posting to
> wp-hackers, for the same reason there are separate mailing lists and
> separate IRC channels and separate development blogs for all the various
> aspects of WordPress.
>
> John
>
I concur!
I would certainly be open to joining that, and agree it should be separate
from wp-hackers.
Dre Armeda
_______________________________________________
wp-hackers mailing list
wp-hackers at lists.automattic.com
http://lists.automattic.com/mailman/listinfo/wp-hackers
-----------------------------------------------------------
## wp-hackers at lists.automattic.com replied, on Mar 28 @ 12:42pm (AMT):
I'd sign up to it. There was someone called "mustlive" who used to
post lots of wp stuff on full-disclosure. I'm sure I can find a
contact if you want.
--
Sent from my Android device with K-9 Mail. Please excuse my brevity.
-----------------------------------------------------------
## wp-hackers at lists.automattic.com replied, on Mar 28 @ 12:41pm (AMT):
> Anyone else agree? Who'd join such a list?
>
> I'll keep a tally on that too.
>
> Though I am a bit surprised at the respondents here who *don't* want to
> know about vulnerable plugins they may be running...
I think a separate mailing list would be a better idea than posting to
wp-hackers, for the same reason there are separate mailing lists and
separate IRC channels and separate development blogs for all the various
aspects of WordPress.
John
-----------------------------------------------------------
## wp-hackers at lists.automattic.com replied, on Mar 28 @ 12:38pm (AMT):
Anyone else agree? Who'd join such a list?
I'll keep a tally on that too.
Though I am a bit surprised at the respondents here who *don't* want to
know about vulnerable plugins they may be running...
Harry
-----------------------------------------------------------
## wp-hackers at lists.automattic.com replied, on Mar 28 @ 12:37pm (AMT):
Just by way of comparison, Google give you 7 days; I think 14 days is
fine. I tend to give companies 30 days to have the patch out, unless
they give me a good reason to delay.
-----------------------------------------------------------