[wp-hackers] CSRF vulnerability in WP HTML Sitemap 1.2 (WordPress plugin)
Harry Metcalfe
harry at dxw.com
Fri Mar 28 16:38:26 UTC 2014
Anyone else agree? Who'd join such a list?
I'll keep a tally on that too.
Though I am a bit surprised at the respondents here who *don't* want to
know about vulnerable plugins they may be running...
Harry
On 28/03/2014 16:37, Nikola Nikolov wrote:
> I'd suggest creating a mailing list - this way people can actually opt in
> to those emails (so people here that don't want to receive that kind of
> information will not and those who want can sign up for it).
>
>
> On Fri, Mar 28, 2014 at 6:34 PM, Harry Metcalfe <harry at dxw.com> wrote:
>
>>> There must be hundreds or thousands of plugins with security issues. I
>>> don't think everybody will be interested to know vulnerabilities in
>>> them.
>>>
>> I'm honestly not sure how to respond to that. I don't think I know anyone
>> who doesn't care about having an exploitable website. I agree that there
>> are hundreds of vulnerable plugins. That's what we're trying to help fix,
>> because it's unacceptable!
>>
>>
>>> I guess most of the users of the plugin are not going to read this.
>> We'll do the best we can to make sure everyone who is interested will find
>> out. We currently:
>>
>> * Publish to our website
>> * Tweet from @dxwsecurity
>> * Post to wp-hackers and Full Disclosure
>> * Request a CVE
>>
>> If you have any ideas about how we can spread the word more, I'm all ears.
>>
>> Harry
>>
>>
>>
>> On 28/03/2014 16:06, Varun Agrawal wrote:
>>
>>> Hi Harry,
>>>
>>>> It was my assumption that this list would be interested to know about
>>>> vulnerable plugins.
>>>>
>>> There must be hundreds or thousands of plugins with security issues. I
>>> don't think everybody will be interested to know vulnerabilities in
>>> them.
>>>
>>>
>>>> we are disclosing the vulnerability in order that anyone using this
>>>> plugin can take steps to protect themselves.
>>>>
>>> I guess most of the users of the plugin are not going to read this.
>>>
>>>
>>> -Varun
>>> _______________________________________________
>>> wp-hackers mailing list
>>> wp-hackers at lists.automattic.com
>>> http://lists.automattic.com/mailman/listinfo/wp-hackers
>>>
>> --
>> Harry Metcalfe
>> 07790 559 876
>> @harrym
>>
--
Harry Metcalfe
07790 559 876
@harrym