10 Dec 2021

WordPress Forum Moderators Again Stop WP Community From Helping Each Other Deal With Hacked Sites

On Monday, a serious vulnerability was fixed in the WordPress plugin PublishPress Capabilities, which we detailed for customers on Tuesday (we also warned about a less serious vulnerability the same day). On Wednesday, the vulnerability was widely exploited.

That is a situation that could have largely been avoided by the WordPress plugin team, if they had automatically updated the plugin before the exploitation happened, instead of after (or by websites enabling WordPress to automatically update plugins). Instead, what WordPress did, through the team running their support forum (which is led by one of two people who also control the plugin team), is shut down and largely delete the discussion where users were helping each other to deal with the hacked websites. [Read more]

13 Dec 2018

The Strange Behavior of Moderators of the WordPress Support Continues With Response to Our Protest

When it comes to the inappropriate behavior on the part of the moderators of the WordPress Support Forum that led to us full disclosing vulnerabilities in protest until WordPress gets that situation cleaned up, one thing that stands out is how strange so much of it is. If the moderators were, say, being paid off to delete reviews of plugins, you could understand the motive behind it, but with what is going on, so much is head-scratching. Why would a moderator delete a reply just saying thank you, which is something that we have run across moderators doing recently as well as years ago? So it probably isn’t surprising that the first direct response from someone on the WordPress side of things to our protest doesn’t even really make sense.

That comes from one of the problematic moderators and starts with this: [Read more]