[wp-hackers] CSRF vulnerability in WP HTML Sitemap 1.2 (WordPress plugin)
Harry Metcalfe
harry at dxw.com
Fri Mar 28 16:34:03 UTC 2014
> There must be hundreds or thousands of plugins with security issues. I
> don't think everybody will be interested to know vulnerabilities in
> them.
I'm honestly not sure how to respond to that. I don't think I know
anyone who doesn't care about having an exploitable website. I agree
that there are hundreds of vulnerable plugins. That's what we're trying
to help fix, because it's unacceptable!
> I guess most of the users of the plugin are not going to read this.
We'll do the best we can to make sure everyone who is interested will
find out. We currently:
* Publish to our website
* Tweet from @dxwsecurity
* Post to wp-hackers and Full Disclosure
* Request a CVE
If you have any ideas about how we can spread the word more, I'm all ears.
Harry
On 28/03/2014 16:06, Varun Agrawal wrote:
> Hi Harry,
>
>> It was my assumption that this list would be interested to know about vulnerable plugins.
> There must be hundreds or thousands of plugins with security issues. I
> don't think everybody will be interested to know vulnerabilities in
> them.
>
>
>> we are disclosing the vulnerability in order that anyone using this plugin can take steps to protect themselves.
> I guess most of the users of the plugin are not going to read this.
>
>
> -Varun
--
Harry Metcalfe
07790 559 876
@harrym