
Vitamin
[resolved] Security issue (10 posts)

  1. Julio Potier
    Member
    Posted 2 years ago #

    Hello

    There is a big huge fat security issue in this plugin, can you contact me ASAP? [ email redacted ]
    I do not want to give details here ...

    See you!

    PS: in 48h I'll contact wordpress.org if you do not answer this

    http://wordpress.org/extend/plugins/vitamin/

  2. Or... instead of waiting you can contact plugins [at] wordpress.org now and they can contact the author directly via email or remove the plugin.

    That would be more responsible IMHO.

  3. Julio Potier
    Member
    Posted 2 years ago #

    Mika Epstein told me that I had to contact the author first ... then if no response, email p @ wp.org :| So what now?

  4. SEO Peter
    Member
    Plugin Author

    Posted 2 years ago #

    Email sent

  5. In all things, I defer to Mika. She's very wise. ;)

    The author is SEO Peter and his page http://vitamin.seopeter.com/vitamin-1-0-0-is-here/ has your comment as well as his reply.

    Hopefully you'll get that email he mentioned in his comment reply and you can sort out the security issue with him.

    Edit: And there's the reply!

  6. SEO Peter
    Member
    Plugin Author

    Posted 2 years ago #

    Please note that this is my first GPL-released plugin here on wordpress.org. Even if there were a few testers, there may be an error or some security issues.

    Any help from you guys is very ... helpful.

    Any security issues will be repaired as soon as possible.

    Thanks for all your reactions!

  7. Julio Potier
    Member
    Posted 2 years ago #

    ;)

  8. SEO Peter
    Member
    Plugin Author

    Posted 2 years ago #

    Guys, I did everything that is written in http://wordpress.org/extend/plugins/about/svn/ in Task 3: "Tagging" a new version, but there is still version 1.0.0, not 1.1.

    And I updated both files where there were problems.

    Is there some way to force it?

  9. Julio Potier
    Member
    Posted 2 years ago #

    Do not let people use the 1.0.0! It's vulnerable ...
    Why can we keep old versions? In case of compatibility with multiple WordPress versions.
    Here, the 1.0.0 has to be upgraded, not downloaded anymore.
    I recommend using "Stable Tag: trunk" in your "readme.txt" in place of 1.1

    Also, I just mailed you some other flaws. See you!

  10. SEO Peter
    Member
    Plugin Author

    Posted 2 years ago #

    Security issue (that we talked about) solved in version 1.1.0.
    Minor security issues solved in 1.2.0.

    Big thanks, Julio Potier!

Topic Closed

This topic has been closed to new replies.
