01 Nov

Full Disclosure of Authenticated XSS Vulnerability in WordPress Plugin With 100,000+ Installs

One of the elements of the inappropriate behavior of the moderators of the WordPress Support Forum that has led us to fully disclosing vulnerabilities in protest until WordPress gets that situation cleaned up has been to delete messages about vulnerabilities in WordPress plugins while doing nothing to get them fixed. We don’t know how they think this is a good idea, since it just limits getting things fixed, which is the important thing to do about vulnerabilities, while not actually hiding the vulnerabilities.
