I noticed following issue: http://www.securityfocus.com/bid/54368/info
Is this valid security vulnerability? Have you fixed this in some version already? Is there CVE available for this?
Thanks for your alert. Yes the problem wads solved since last version.
Hope you enjoy our plugin.
In the future could you please include changes to changelog (in your http://plugins.svn.wordpress.org/wppageflip/trunk/readme.txt). It would be also nice if you wouldn't remove old changelogs when you release new version. Also there should be CVE <http://en.wikipedia.org/wiki/Common_Vulnerabilities_and_Exposures> for communicating about this issue. For example I want to tell users to update to at least version, which fixed this security vulnerability. LFI vulnerability could be used for example to read WordPress installation configuration file.
If this security vulnerability is indeed still missing CVE I could request one if that is OK for you (e.g. you haven't done so already)? Could you tell me what version of the plugin is patched, thanks?
I'm just trying to help here :)
Other reference URL: http://osvdb.org/83667
Great to read this, I really appreciated constructive ideas like yours.
Next release will integrate your comments.
You must log in to post.