Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Author krmoorhouse

    (@krmoorhouse)

    @lonesomewalker

    Our development team is currently developing an important patch to track down an existing issue in our system. In order to best address that issue, we will be pushing out a completed patch on Monday, which will also include a fix for this issue.

    While we appreciate you pointing out this issue to us, we would have preferred that you practiced responsible disclosure in this matter. That would have allowed the least amount of stress on both our team and on our users, who are now more vulnerable due to this early, public report.

    -KR

    This reply was modified 5 months, 3 weeks ago by krmoorhouse.

  • Plugin Author krmoorhouse

    (@krmoorhouse)

    *Context*

    It was pointed out to me, after the fact, that I should provide additional information about how to practice responsible disclosure.

    The best method of reporting a security threat in a plugin is to contact the plugin author privately first. In this case, you could reach out to our support staff at ninjaforms.com/contact

    Once an issue has been publicly reported, anyone that was previously unaware of it now has the option to leverage it, making all users of the software more vulnerable, simply as a result of easily searchable web knowledge.

    If you’d like more information on responsible disclosure, please see https://blog.detectify.com/2018/02/27/guide-responsible-disclosure/
