Cookies for Comments
background info about latest security change (3 posts)

  1. yoav.aner
    Posted 3 years ago #

    Just curious about the background info relating to the latest update.

    I can see that previously the potential attacker could 'inject' any kind of cookie to sites running this plugin. I am wondering what kind of attack vectors are prevented now and if there's any post/info worth reading relating to these? (you mention Matt Cutts and @planetzuda, but I'm not sure what specifically prompted this change?)



  2. planetzuda
    Posted 3 years ago #

    Hi Yoav.aner,
    Our company inspects plugins and themes. We noticed the security hole in cookies for comments, which Donncha quickly fixed, since he is a really good programmer and understands security. As far as we know no one exploited this hole, we just noticed it could be exploited.

    If you're interested in security, let us know. We're working very hard on that topic as we speak and are working on some more security tools we plan to release when they're done.

  3. yoav.aner
    Posted 3 years ago #

    Thanks planetzuda,

    Sounds like you're doing a great job. I'm trying to understand the *specifics* of the attack vector that you guys discovered. Is there any blog post or further detailed info about what you discovered?


Topic Closed

This topic has been closed to new replies.

About this Plugin

  • Cookies for Comments
  • Frequently Asked Questions
  • Support Threads
  • Reviews

About this Topic


No tags yet.