Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Author krmoorhouse



    Our development team is currently developing an important patch to track down an existing issue in our system. In order to best address that issue, we will be pushing out a completed patch on Monday, which will also include a fix for this issue as well.

    While we appreciate you pointing out this issue to us, we would have preferred that you practiced responsible disclosure in this matter. That would have allowed the least amount of stress on both our team and on our users, who are now more vulnerable due to this early, public report.


    • This reply was modified 1 year, 10 months ago by krmoorhouse.
    Plugin Author krmoorhouse



    It was pointed out to me, after the fact, that I should provide additional information about how to practice responsible disclosure.

    The best method of reporting a security threat in a plugin is to contact the plugin author privately first. In this case, you could reach out to our support staff at

    Once an issue has been publicly reported, anyone that was previously unaware of it now has the option to leverage it, making all users of the software more vulnerable, simply as a result of easily searchable web knowledge.

    If you’d like more information on responsible disclosure, please see

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Ninja forms leaks PHP settings’ is closed to new replies.