27 Sep

WordPress Team Didn’t Notify Developer of Plugin with 700,000+ Active Installations About Vulnerability They Knew About

As part of our new full disclosure of vulnerabilities in WordPress plugins until the people on the WordPress side of things finally clean up the moderation of their Support Forum, we disclosed a vulnerability in a plugin with 700,000+ active installs. We tried to notify the developer of the plugin through the Support Forum, but the moderators deleted that. If you are not familiar with their inappropriate behavior, you would probably think they would have notified the developer instead, but they didn’t.
