[wp-hackers] CSRF vulnerability in WP HTML Sitemap 1.2 (WordPress plugin)

Mark Costlow cheeks at swcp.com
Fri Mar 28 21:19:03 UTC 2014


I like that idea too.


For anyone interested, @exploitdb on Twitter posts exploits in all
manner of software, including many web apps, including WP plugins.
(I have nothing to do with it, I just follow it).

Mark


On Sat, Mar 29, 2014 at 08:03:59AM +1100, Daniel wrote:
> That's a better way of doing things
> 
> On 3/29/14, Dino Termini <dino at duechiacchiere.it> wrote:
> > Again, I think this should be added to wp core, and managed through the
> > repo. When a plugin is removed from the repo, or better "deactivated" (not
> > downloadable but with a big red warning saying why, just like they do for
> > plugins older than 2 years), people get a notice in their admin telling them
> > what happened. Only a few geeks (including myself) would check that other
> > mailing list, leaving the majority of wp users unprotected.
> >
> > Should I file a request on trac?
> >
> > Dino
> >
> > On March 28, 2014 4:54:30 PM EDT, Tom Barrett <tcbarrett at gmail.com> wrote:
> >>Most of all, I'd like it if people trimmed their emails to be less
> >>spammy.
> >>
> >>I think what Harry is doing is a good thing, and I want to be aware of
> >>security issues with wordpress.org plugins (as well as any others).
> >>
> >>I'm happy for security reports, as per Harry's recent ones, to be
> >>posted here.
> >>_______________________________________________
> >>wp-hackers mailing list
> >>wp-hackers at lists.automattic.com
> >>http://lists.automattic.com/mailman/listinfo/wp-hackers
> >
> 
> 
> -- 
> Regards,
> Daniel Fenn

-- 
Mark Costlow    | Southwest Cyberport | Fax:   +1-505-232-7975
cheeks at swcp.com | Web:   www.swcp.com | Voice: +1-505-232-7992

Mail Minder - Intelligent Push Notifications for Email on the iPhone
http://mailminderapp.com/download  or in the App Store


