WordPress.org


background info about latest security change

  • Just curious about the background info relating to the latest update.

    I can see that previously the potential attacker could ‘inject’ any kind of cookie to sites running this plugin. I am wondering what kind of attack vectors are prevented now and if there’s any post/info worth reading relating to these? (you mention Matt Cutts and @planetzuda, but I’m not sure what specifically prompted this change?)

    Cheers
    Yoav

    http://wordpress.org/extend/plugins/cookies-for-comments/

Viewing 2 replies - 1 through 2 (of 2 total)
  • Hi Yoav.aner,
    Our company inspects plugins and themes. We noticed the security hole in Cookies for Comments, which Donncha quickly fixed, since he is a really good programmer and understands security. As far as we know, no one exploited this hole; we just noticed it could be exploited.

    If you’re interested in security, let us know. We’re working very hard on that topic as we speak and are working on some more security tools we plan to release when they’re done.

  • Thanks planetzuda,

    Sounds like you’re doing a great job. I’m trying to understand the *specifics* of the attack vector that you guys discovered. Is there any blog post or further detailed info about what you discovered?

    Cheers
    Yoav

  • The topic ‘background info about latest security change’ is closed to new replies.