[wp-hackers] CSRF vulnerability in WP HTML Sitemap 1.2 (WordPress plugin)
cheeks at swcp.com
Fri Mar 28 21:19:03 UTC 2014
I like that idea too.
For anyone interested, @exploitdb on Twitter posts exploits in all
manner of software, including many web apps, including WP plugins.
(I have nothing to do with it, I just follow it).
On Sat, Mar 29, 2014 at 08:03:59AM +1100, Daniel wrote:
> That's a better way of doing things
> On 3/29/14, Dino Termini <dino at duechiacchiere.it> wrote:
> > Again, I think this should be added to wp core, and managed through the
> > repo. When a plugin is removed from the repo, or better "deactivated" (not
> > downloadable but with a big red warning saying why, just like they do for
> > plugins older than 2 years), people get a notice in their admin telling them
> > what happened. Only a few geeks (including myself) would check that other
> > mailing list, leaving the majority of wp users unprotected.
> > Should I file a request on trac?
> > Dino
> > On March 28, 2014 4:54:30 PM EDT, Tom Barrett <tcbarrett at gmail.com> wrote:
> >>Most of all, I'd like it if people trimmed their emails to be less
> >>I think what Harry is doing is a good thing, and I want to be aware of
> >>security issues with wordpress.org plugins (as well as any others).
> >>I'm happy for security reports, as per Harry's recent ones, to be
> >>wp-hackers mailing list
> >>wp-hackers at lists.automattic.com
> > _______________________________________________
> > wp-hackers mailing list
> > wp-hackers at lists.automattic.com
> > http://lists.automattic.com/mailman/listinfo/wp-hackers
> Daniel Fenn
Mark Costlow | Southwest Cyberport | Fax: +1-505-232-7975
cheeks at swcp.com | Web: www.swcp.com | Voice: +1-505-232-7992
Mail Minder - Intelligent Push Notifications for Email on the iPhone
http://mailminderapp.com/download or in the App Store