[wp-hackers] CSRF vulnerability in WP HTML Sitemap 1.2 (WordPress plugin)

Daniel danielx386 at gmail.com
Fri Mar 28 21:03:59 UTC 2014

That's a better way of doing things

On 3/29/14, Dino Termini <dino at duechiacchiere.it> wrote:
> Again, I think this should be added to wp core, and managed through the
> repo. When a plugin is removed from the repo, or better "deactivated" (not
> downloadable but with a big red warning saying why, just like they do for
> plugins older than 2 years), people get a notice in their admin telling them
> what happened. Only a few geeks (including myself) would check that other
> mailing list, leaving the majority of wp users unprotected.
> Should I file a request on trac?
> Dino
> On March 28, 2014 4:54:30 PM EDT, Tom Barrett <tcbarrett at gmail.com> wrote:
>>Most of all, I'd like it if people trimmed their emails to be less
>>I think what Harry is doing is a good thing, and I want to be aware of
>>security issues with wordpress.org plugins (as well as any others).
>>I'm happy for security reports, as per Harry's recent ones, to be
>>wp-hackers mailing list
>>wp-hackers at lists.automattic.com
> _______________________________________________
> wp-hackers mailing list
> wp-hackers at lists.automattic.com
> http://lists.automattic.com/mailman/listinfo/wp-hackers

Daniel Fenn

More information about the wp-hackers mailing list