WordPress Lets Two More Plugins With Easy to Spot Exploitable Vulnerability Into the Plugin Directory
For the second day of our full disclosures of WordPress plugin vulnerabilities due to the continuing inappropriate handling of the moderation of the WordPress Support Forum, we are focusing on something that relates to the larger problem with how the WordPress team handles security. Part of what makes the inappropriate moderation of the Support Forum so harmful, whether intended or not, is that it acts as an active cover-up of problems, which could be fixed quite easily if the people on the WordPress side of things were interested in fixing them. When they can largely cover up those problems, though, the problems instead fester, because pressure for change doesn’t build when many in the WordPress community are not aware of them.
When a new plugin is submitted to the WordPress Plugin Directory a manual review of the plugin is supposed to be done: