[wp-meta] [Making WordPress.org] #7259: Add a "Report a vulnerability" to plugins
Making WordPress.org
noreply at wordpress.org
Thu Sep 7 16:33:30 UTC 2023
#7259: Add a "Report a vulnerability" to plugins
------------------------------+--------------------
Reporter: mrfoxtalbot | Owner: (none)
Type: enhancement | Status: new
Priority: normal | Milestone:
Component: Plugin Directory | Keywords:
------------------------------+--------------------
Contributors who have been involved with the project long enough know that
they should email plugins at wordpress.org to report vulnerabilities. On the
other hand, newer contributors are often not aware of this and will
discuss or disclose vulnerabilities in the plugin's forum and in other
places.
The plugins team has been discussing the idea of adding a visible "Report
a vulnerability" button or link somewhere in the plugin page itself.
Clicking on this button could show a form that would be sent to the
plugins team email. If we want to make it even simpler, the link would
take the user to the [https://developer.wordpress.org/plugins/wordpress-
org/plugin-security/reporting-plugin-security-issues/ relevant handbook
page]
The idea is to provide a very simple path for new users to report
vulnerabilities in the correct way.
This ticket is a simplified version of the idea proposed in #6939
--
Ticket URL: <https://meta.trac.wordpress.org/ticket/7259>
Making WordPress.org <https://meta.trac.wordpress.org/>
Making WordPress.org
More information about the wp-meta
mailing list