[wp-meta] [Making WordPress.org] #7259: Add a "Report a vulnerability" button/link to plugin repo pages

Fri Sep 22 10:36:03 UTC 2023

#7259: Add a "Report a vulnerability" button/link to plugin repo pages
------------------------------+---------------------
 Reporter:  mrfoxtalbot       |       Owner:  (none)
     Type:  enhancement       |      Status:  new
 Priority:  normal            |   Milestone:
Component:  Plugin Directory  |  Resolution:
 Keywords:                    |
------------------------------+---------------------

Comment (by zodiac1978):

 There was a great post from Joost de Valk about this:
 https://joost.blog/plugin-security-issues/

 Talking about how to report issues, these are not very standardized. Some
 places which are mentioned ...

 > On the plugin’s webpage / website.
 > On the plugin’s GitHub page (preferably through a security policy
 Security.md file).
 > In the plugin’s readme.txt and thus on the WordPress.org plugin page.

 But the plugin creator can also use some vulnerability disclosure program
 are have a security.txt on their website with this information.

 Customizing the link for reporting in the readme.txt could be one way to
 solve this, maybe with a fallback for the form (which is send to the
 author and/or to plugins@) if it is not set.

-- 
Ticket URL: <https://meta.trac.wordpress.org/ticket/7259#comment:14>
Making WordPress.org <https://meta.trac.wordpress.org/>
Making WordPress.org