[wp-meta] [Making WordPress.org] #7259: Add a "Report a vulnerability" to plugins

Making WordPress.org noreply at wordpress.org
Thu Sep 7 16:33:30 UTC 2023


#7259: Add a "Report a vulnerability" to plugins
------------------------------+--------------------
 Reporter:  mrfoxtalbot       |      Owner:  (none)
     Type:  enhancement       |     Status:  new
 Priority:  normal            |  Milestone:
Component:  Plugin Directory  |   Keywords:
------------------------------+--------------------
 Contributors who have been involved with the project long enough know that
 they should email plugins at wordpress.org to report vulnerabilities. On the
 other hand, newer contributors are often not aware of this and will
 discuss or disclose vulnerabilities in the plugin's forum and in other
 places.

 The plugins team has been discussing the idea of adding a visible "Report
 a vulnerability" button or link somewhere in the plugin page itself.

 Clicking on this button could show a form that would be sent to the
 plugins team email. If we want to make it even simpler, the link would
 take the user to the [https://developer.wordpress.org/plugins/wordpress-
 org/plugin-security/reporting-plugin-security-issues/ relevant handbook
 page]

 The idea is to provide a very simple path for new users to report
 vulnerabilities in the correct way.

 This ticket is a simplified version of the idea proposed in #6939

-- 
Ticket URL: <https://meta.trac.wordpress.org/ticket/7259>
Making WordPress.org <https://meta.trac.wordpress.org/>
Making WordPress.org


More information about the wp-meta mailing list