[wp-trac] [WordPress Trac] #48190: Show information from Plugins Directory into WP-Admin plugins page

WordPress Trac noreply at wordpress.org
Tue Oct 1 08:33:45 UTC 2019


#48190: Show information from Plugins Directory into WP-Admin plugins page
-----------------------------+-----------------------------
 Reporter:  arberbr          |      Owner:  (none)
     Type:  feature request  |     Status:  new
 Priority:  normal           |  Milestone:  Awaiting Review
Component:  Plugins          |    Version:
 Severity:  normal           |   Keywords:
  Focuses:                   |
-----------------------------+-----------------------------
 Hello everyone,

 This is my first ticket/suggestion here.

 First of all, hope this is not a duplicate request.

 Recently one of the websites my company has been maintaining got hacked:
 https://www.wordfence.com/blog/2019/09/rich-reviews-plugin-vulnerability-exploited-in-the-wild/
 Issue was on the Rich Review plugin.

 The root cause of the problem was that we had installed on that website
 (was a theme requirement) the Rich Review plugin. We kept up to date all
 the plugins, WP core itself and themes on that website and still the
 website got hacked.

 The general guideline to keep your WordPress website safe is to update
 everything. In this case though it failed.

 It failed because we did not know that the Rich Review plugin was
 abandoned.

 On the plugin directory it clearly says that the plugin has been closed for
 security reasons:
 https://wordpress.org/plugins/rich-reviews/

 So my question, request is, can it be made that we show this kind of
 information right away on the plugins list?

 To improve it even further, show a WordPress notice on wp-admin when an
 administrator logs in and he can directly see that plugin X has been
 abandoned or has been closed.

 Thank you,
 Arber.

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/48190>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

