[wp-hackers] WordPress Plugin GUID

Ozh ozh at planetozh.com
Fri Jun 5 14:42:14 GMT 2009


> Currently, if a plugin author chooses to self-host his plugin and not
> list it in the directory, a malicious individual could e-mail Matt and
> ask for an entry in the plugin directory with the same slug. Then, the
> malicious individual could release an 'update' to the plugin that could
> 0wn the blog.

oh my...
fantastic idea >:]



More information about the wp-hackers mailing list