WordPress.org

Ready to get started?Download WordPress

Forums

Cookies for Comments
background info about latest security change (3 posts)

  1. yoav.aner
    Member
    Posted 1 year ago #

    Just curious about the background info relating to the latest update.

    I can see that previously the potential attacker could 'inject' any kind of cookie to sites running this plugin. I am wondering what kind of attack vectors are prevented now and if there's any post/info worth reading relating to these? (you mention Matt Cutts and @planetzuda, but I'm not sure what specifically prompted this change?)

    Cheers
    Yoav

    http://wordpress.org/extend/plugins/cookies-for-comments/

  2. planetzuda
    Member
    Posted 1 year ago #

    Hi Yoav.aner,
    Our company inspects plugins and themes. We noticed the security hole in cookies for comments, which Donncha quickly fixed, since he is a really good programmer and understands security. As far as we know no one exploited this hole, we just noticed it could be exploited.

    If you're interested in security, let us know. We're working very hard on that topic as we speak and are working on some more security tools we plan to release when they're done.

  3. yoav.aner
    Member
    Posted 1 year ago #

    Thanks planetzuda,

    Sounds like you're doing a great job. I'm trying to understand the *specifics* of the attack vector that you guys discovered. Is there any blog post or further detailed info about what you discovered?

    Cheers
    Yoav

Topic Closed

This topic has been closed to new replies.

About this Plugin

About this Topic

Tags

No tags yet.