[wp-hackers] CSRF vulnerability in WP HTML Sitemap 1.2 (WordPress plugin)

Nikola Nikolov nikolov.tmw at gmail.com
Fri Mar 28 16:46:57 UTC 2014


A separate list with more obvious way of joining would benefit regular
users - they can just fill-out a form and get updates. And when they do get
updates, they will be specifically targeted at security.

I'm pretty happy with the mailing list of Wordfence - they have a huge user
base with all kinds of different setups that they can monitor and find
exploits.

PS: I'm not saying that your reports are worthless - the idea is a very
good one and I'm happy that you are donating some of your time towards the
community.


On Fri, Mar 28, 2014 at 6:41 PM, John Blackbourn
<johnbillion+wp at gmail.com>wrote:

> On 28 March 2014 16:38, Harry Metcalfe <harry at dxw.com> wrote:
>
> > Anyone else agree? Who'd join such a list?
> >
> > I'll keep a tally on that too.
> >
> > Though I am a bit surprised at the respondents here who *don't* want to
> > know about vulnerable plugins they may be running...
>
>
> I think a separate mailing list would be a better idea than posting to
> wp-hackers, for the same reason there are separate mailing lists and
> separate IRC channels and separate development blogs for all the various
> aspects of WordPress.
>
> John
> _______________________________________________
> wp-hackers mailing list
> wp-hackers at lists.automattic.com
> http://lists.automattic.com/mailman/listinfo/wp-hackers
>


More information about the wp-hackers mailing list