We often find misleading to outright false information about WordPress plugin vulnerabilities coming from claimed security researchers. That frequently involves claims of non-existent vulnerabilities and, more problematically, false claims that real vulnerabilities have been fixed when they haven’t. We are now compiling information on claimed security researchers to help identify untrustworthy researcher and others trying to take advantage of the WordPress community.
If you are a WordPress plugin developer that has been approached by this less than trustworthy "researcher" or their partner (Patchstack, Wordfence, or WPScan) and are looking for help to identify if there really is an issue and what needs to be done to fix it, we offer free help.
Proper research involves providing details of claimed vulneraibilites and or a proof of concept, which allows others to understand the issue and for peer review to take place. It also involves making sure the issue is actually fixed before claimit it is fixed. Issues should not be reported to third-parties instead of the developers.
Issues with István Márton (Lana Codes):
- István Márton (Lana Codes) is known to be unreliable source for vulnerability claims.
Examples: - István Márton (Lana Codes) hasn't provided details of vulnerability claim that would allow claims to independently vetted.
Examples: - István Márton (Lana Codes) is indirectly selling vulnerability details to hackers.
- István Márton (Lana Codes) is helping redirect vulnerability reports away from developers.