[wp-hackers] CSRF vulnerability in WP HTML Sitemap 1.2 (WordPress plugin)

Dino Termini dino at duechiacchiere.it
Fri Mar 28 21:00:48 UTC 2014


Again, I think this should be added to wp core, and managed through the repo. When a plugin is removed from the repo, or better "deactivated" (not downloadable but with a big red warning saying why, just like they do for plugins older than 2 years), people get a notice in their admin telling them what happened. Only a few geeks (including myself) would check that other mailing list, leaving the majority of wp users unprotected. 

Should I file a request on trac? 

Dino

On March 28, 2014 4:54:30 PM EDT, Tom Barrett <tcbarrett at gmail.com> wrote:
>Most of all, I'd like it if people trimmed their emails to be less
>spammy.
>
>I think what Harry is doing is a good thing, and I want to be aware of
>security issues with wordpress.org plugins (as well as any others).
>
>I'm happy for security reports, as per Harry's recent ones, to be
>posted
>here.
>_______________________________________________
>wp-hackers mailing list
>wp-hackers at lists.automattic.com
>http://lists.automattic.com/mailman/listinfo/wp-hackers


More information about the wp-hackers mailing list