Security hole on plugin directory? (2 posts)

  1. wpmubp
    Posted 6 years ago #

    Author of Contact Form 7 just found its fork (fake) version named Contact Form 8 on plugin directory, as he requests the author to change settings.

    But how come someone takayukister never knows can submit plugin to directory using the id (takayukister)? Does this mean someone hacked into wordpress.org database, stoll account from takayukister?


    wtf is this?

  2. wpmubp
    Posted 6 years ago #

    It seems its fixed, but the problem is the plugin directory should only allow submission from the original user. With current system, it seems, i.e. I could upload virus containig copy of a plugin with the name of original author.

Topic Closed

This topic has been closed to new replies.

About this Topic