[wp-hackers] CSRF vulnerability in WP HTML Sitemap 1.2 (WordPress plugin)

Harry Metcalfe harry at dxw.com
Mon Mar 31 09:32:34 UTC 2014

Hello everyone,

Thanks all for the feedback. There isn't really a clear consensus here 
about what everyone would like to see. There is a clear desire for a 
mailing list, though, so I've set that up.

You can visit: 
http://lists.dxw.com/mailman/listinfo/dxw-wp-security_lists.dxw.com or 
send an email to dxw-wp-security-subscribe at lists.dxw.com.

From now on, we will post all advisories to that list.

I will continue to post some advisories here, but only when I think 
they'll be of more general interest - for example, for a popular plugin, 
or a high-impact vulnerability.

Hope that's ok, and open to suggestions as always.


On 28/03/2014 20:54, Tom Barrett wrote:
> Most of all, I'd like it if people trimmed their emails to be less spammy.
> I think what Harry is doing is a good thing, and I want to be aware of
> security issues with wordpress.org plugins (as well as any others).
> I'm happy for security reports, as per Harry's recent ones, to be posted
> here.
> _______________________________________________
> wp-hackers mailing list
> wp-hackers at lists.automattic.com
> http://lists.automattic.com/mailman/listinfo/wp-hackers

Harry Metcalfe
07790 559 876
