[wp-hackers] CSRF vulnerability in WP HTML Sitemap 1.2 (WordPress plugin)

Nikola Nikolov nikolov.tmw at gmail.com
Fri Mar 28 16:37:16 UTC 2014


I'd suggest creating a mailing list - this way people can actually opt in
to those emails (so people here that don't want to receive that kind of
information will not and those who want can sign up for it).


On Fri, Mar 28, 2014 at 6:34 PM, Harry Metcalfe <harry at dxw.com> wrote:

>> There must be hundreds or thousands of plugins with security issues. I
>> don't think everybody will be interested to know vulnerabilities in
>> them.
>>
> I'm honestly not sure how to respond to that. I don't think I know anyone
> who doesn't care about having an exploitable website. I agree that there
> are hundreds of vulnerable plugins. That's what we're trying to help fix,
> because it's unacceptable!
>
>
>> I guess most of the users of the plugin are not going to read this.
>>
> We'll do the best we can to make sure everyone who is interested will find
> out. We currently:
>
>  * Publish to our website
>  * Tweet from @dxwsecurity
>  * Post to wp-hackers and Full Disclosure
>  * Request a CVE
>
> If you have any ideas about how we can spread the word more, I'm all ears.
>
> Harry
>
>
>
> On 28/03/2014 16:06, Varun Agrawal wrote:
>
>> Hi Harry,
>>
>>> It was my assumption that this list would be interested to know about
>>> vulnerable plugins.
>>>
>> There must be hundreds or thousands of plugins with security issues. I
>> don't think everybody will be interested to know vulnerabilities in
>> them.
>>
>>
>>> we are disclosing the vulnerability in order that anyone using this
>>> plugin can take steps to protect themselves.
>>>
>> I guess most of the users of the plugin are not going to read this.
>>
>>
>> -Varun
>> _______________________________________________
>> wp-hackers mailing list
>> wp-hackers at lists.automattic.com
>> http://lists.automattic.com/mailman/listinfo/wp-hackers
>>
>
> --
> Harry Metcalfe
> 07790 559 876
> @harrym
>
>

