Posts by Plugin Vulnerabilities
WordPress Firewall Plugin Claimed to Protect Against "Any Threat" Doesn't Stop Even One Simulated Attack From Firewall Testing Tool
Patchstack Now Withholding Misappropriated Information Needed to Secure Plugins in WordPress Plugin Directory From WordPress
Perhaps you could explain to your members that they shouldn't lie about the CRA as an excuse to withhold security vulnerability information from the open source WordPress project. Which is putting millions of websites at unnecessary risk of security issues.
The WordPress Meta team holding up the community once again.
Also worth re-upping is that Five for the Future pledges are in general highly suspect.
It is one of the many things that are in need of reform with WordPress.
With Automattic announcing a return to contributing to WordPress, it's worth noting that there hasn't been a change with the cited reasons they gave for reducing their contributions in January.
WP Engine's lawsuit is still on and they haven't boosted their contributions.
WP Engine Study Finds That Security Is Somehow Considered One of WordPress' Benefits and Also Disadvantages
The unfixed vulnerability that support forum discussion is about is something we posted was likely being targeted by a hacker last week.
Are you going to cover how Patchstack is refusing to provide WordPress with information needed to properly handle vulnerable plugins? This is leading to websites remaining vulnerable to easily fixed vulnerabilities.
Patchstack are claiming the EU Cyber Resilience Act (CRA) requires this.
It isn't the first time they have lied about that act.
The US Government through their funding of CVE is also supporting this.
Joost de Valk (@joost.blog) is funding what is basically a man-in-the-middle (MiTM) attack against WordPress.
Patchstack tries to get people to report plugin vulnerabilities to them instead of developers or WordPress. Now they are refusing to provide the information to WordPress.
Would anyone guess that this changelog entry for a WordPress plugin with 2+ million installs was referring to fixing a vulnerability?:
"Improved context-dependent escaping in dynamic content tags."
"we always take security seriously" - WordPress plugin developer who still hasn't fixed an exploitable vulnerability two months after apparently being notified of it
Is anyone keeping track of incident reports that haven't even received a response?
We still haven't received a response for one we filed in January of last year. It involved, among other things, returning a known vulnerable plugin to the plugin directory.
Patchstack claimed today that over 100,000 websites are affected, but as we noted last week, it is significantly less than that.
A WordPress plugin with 100,000 installs has an unfixed vulnerability being targeted by a hacker and Patchstack's response is to suggest you pay them $5 a month for a firewall rule they call a "patch".
WordPress could release a real patch for free. We would provide them with the patch for free.
In other areas the team are still failing pretty badly. A situation like this one shouldn't happen. We have offered for years to provide fixes to stop this sort of thing from happening, and yet it keeps happening. 2/2
As we said in a comment we just left on the post, it is great that automated testing finally got implemented, as it has addressed a lot of issues that should have been caught for a long time.
But there still look to be significant problems with the review process, like this. 1/2
Long Overdue Security Review of WordPress Would Cost Only 0.25% of WP Engine's Estimate of Cost of One WordPress Website
Mary Hubbard goes on to say "If we continue to center empathy, transparency, and the shared goal of making WordPress better for everyone, we won’t just be stronger. We’ll be ready for whatever comes next."
When has WordPress centered transparency?
Mary Hubbard:
"Rotating roles can help us avoid centralizing too much authority in any one place, and it guards against the single points of failure that open source and communities should always aim to minimize."
Is rotating roles going to apply to her boss Matt Mullenweg?
WordPress Hasn't Addressed Hacker Targeted Plugin With 100,000+ Installs That Has Unfixed "Critical" Vulnerability
8 months after a vulnerability was reported to someone, it still hasn't been fixed.
It's unclear what happened here, but the developer claims that the vulnerability was reported to @patchstack.com instead of to them. They say Patchstack made a public claim after 6 months, but didn't notify them.