[wp-trac] [WordPress Trac] #56275: Check plugins for known vulnerabilities

WordPress Trac noreply at wordpress.org
Wed Aug 3 10:49:13 UTC 2022


#56275: Check plugins for known vulnerabilities
-------------------------+-------------------------
 Reporter:  oglekler     |       Owner:  (none)
     Type:  enhancement  |      Status:  closed
 Priority:  normal       |   Milestone:
Component:  Site Health  |     Version:
 Severity:  normal       |  Resolution:  maybelater
 Keywords:               |     Focuses:
-------------------------+-------------------------
Changes (by Clorith):

 * status:  new => closed
 * resolution:   => maybelater
 * milestone:  Awaiting Review =>


Comment:

 This would require WordPress.org to maintain a complete list of all
 vulnerabilities, including for premium plugins or themes. If that
 prerequisite does not exist, then this would offer a false security to
 users, and may have a negative impact on the project as a whole.

 I'm aware that there are multiple databases of such vulnerabilities, but
 to guarantee its existence, and maintainability over the foreseeable
 future, it would need to be part of the WordPress.org suite of services
 (most of these services also require API keys to use, which is a barrier
 of entry to end users if they need to sign up and input data to use core
 features in my opinion).

 I do like the idea though, but I'm going to mark this as a `maybelater`,
 in case the Meta team at any point does implement such a feature, at which
 point this is definitely something we would be implementing within core.

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/56275#comment:1>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform


More information about the wp-trac mailing list