[wp-trac] [WordPress Trac] #56275: Check plugins for known vulnerabilities
WordPress Trac
noreply at wordpress.org
Wed Aug 3 10:49:13 UTC 2022
#56275: Check plugins for known vulnerabilities
-------------------------+-------------------------
Reporter: oglekler | Owner: (none)
Type: enhancement | Status: closed
Priority: normal | Milestone:
Component: Site Health | Version:
Severity: normal | Resolution: maybelater
Keywords: | Focuses:
-------------------------+-------------------------
Changes (by Clorith):
* status: new => closed
* resolution: => maybelater
* milestone: Awaiting Review =>
Comment:
This would require WordPress.org to maintain a complete list of all
vulnerabilities, including for premium plugins or themes. If that
prerequisite does not exist, then this would offer a false security to
users, and may have a negative impact on the project as a whole.
I'm aware that there are multiple databases of such vulnerabilities, but
to guarantee its existence, and maintainability over the foreseeable
future, it would need to be part of the WordPress.org suite of services
(most of these services also require API keys to use, which is a barrier
of entry to end users if they need to sign up and input data to use core
features in my opinion).
I do like the idea though, but I'm going to mark this as a `maybelater`,
in case the Meta team at any point does implement such a feature, at which
point this is definitely something we would be implementing within core.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/56275#comment:1>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list