[wp-meta] [Making WordPress.org] #7259: Add a "Report a vulnerability" button/link to plugin repo pages
Making WordPress.org
noreply at wordpress.org
Fri Sep 22 10:36:03 UTC 2023
#7259: Add a "Report a vulnerability" button/link to plugin repo pages
------------------------------+---------------------
Reporter: mrfoxtalbot | Owner: (none)
Type: enhancement | Status: new
Priority: normal | Milestone:
Component: Plugin Directory | Resolution:
Keywords: |
------------------------------+---------------------
Comment (by zodiac1978):
There was a great post from Joost de Valk about this:
https://joost.blog/plugin-security-issues/
Talking about how to report issues, these are not very standardized. Some
places which are mentioned ...
> On the plugin’s webpage / website.
> On the plugin’s GitHub page (preferably through a security policy
> Security.md file).
> In the plugin’s readme.txt and thus on the WordPress.org plugin page.
But the plugin creator can also use some vulnerability disclosure program
or have a security.txt on their website with this information.
Customizing the link for reporting in the readme.txt could be one way to
solve this, maybe with a fallback for the form (which is sent to the
author and/or to plugins@) if it is not set.
--
Ticket URL: <https://meta.trac.wordpress.org/ticket/7259#comment:14>
Making WordPress.org <https://meta.trac.wordpress.org/>