Title: nitstorm's Replies | WordPress.org

---

# nitstorm


## Forum Replies Created

Viewing 15 replies - 1 through 15 (of 41 total)


 *   Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/)
    In
   reply to: [[Global Gateway e4 | Payeezy Gateway |] Discovered security vulnerabilities](https://wordpress.org/support/topic/discovered-security-vulnerabilities-5/)
 *  Thread Starter [nitstorm](https://wordpress.org/support/users/nitstorm/)
 * (@nitstorm)
 * [10 years, 10 months ago](https://wordpress.org/support/topic/discovered-security-vulnerabilities-5/#post-6195267)
 * DonnellC,
 * Thank you. A full disclosure will be published within a couple of days and I’ll
   be making a CVE request for the issue.
 *   Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/)
    In
   reply to: [[Global Gateway e4 | Payeezy Gateway |] Discovered security vulnerabilities](https://wordpress.org/support/topic/discovered-security-vulnerabilities-5/)
 *  Thread Starter [nitstorm](https://wordpress.org/support/users/nitstorm/)
 * (@nitstorm)
 * [10 years, 11 months ago](https://wordpress.org/support/topic/discovered-security-vulnerabilities-5/#post-6195252)
 * It would be your opinion that you feel it is a WordPress issue and not the plugin’s.
 * Please do release the fix at the soonest since you already have it. I don’t think
   you realise the severity of the vulnerability issue present in your plugin. If
   an update is not made soon, I will be forced to escalate the issue to the WordPress
   Plugins team.
 * Please also feel free to mail the WordPress Plugins team yourself to confirm 
   if this is a real and valid security vulnerability or not.
 *   Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/)
    In
   reply to: [[ULTIMATE TABLES] Discovered security vulnerabilities](https://wordpress.org/support/topic/discovered-security-vulnerabilities-9/)
 *  Thread Starter [nitstorm](https://wordpress.org/support/users/nitstorm/)
 * (@nitstorm)
 * [10 years, 11 months ago](https://wordpress.org/support/topic/discovered-security-vulnerabilities-9/#post-6246976)
 * Hi,
 * Could you please provide me with an e-mail ID that I can send my report to (in
   case you missed the one sent earlier)?
 * Thanks & regards,
    Nitin Venkatesh
 *   Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/)
    In
   reply to: [[Writing Guide] No response to email](https://wordpress.org/support/topic/no-response-to-email-1/)
 *  Thread Starter [nitstorm](https://wordpress.org/support/users/nitstorm/)
 * (@nitstorm)
 * [10 years, 11 months ago](https://wordpress.org/support/topic/no-response-to-email-1/#post-6248761)
 * Hi,
 * Any updates for the security fix? Please do write back since it has been more
   than a month since the report was mailed to you.
 * Thanks & regards,
    Nitin Venkatesh
 *   Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/)
    In
   reply to: [[NEX-Forms - Ultimate Forms Plugin for WordPress] Discovered security vulnerabilities](https://wordpress.org/support/topic/discovered-security-vulnerabilities/)
 *  Thread Starter [nitstorm](https://wordpress.org/support/users/nitstorm/)
 * (@nitstorm)
 * [10 years, 11 months ago](https://wordpress.org/support/topic/discovered-security-vulnerabilities/#post-6151568)
 * Hi,
 * Could you please update me on the situation regarding a solution to the issues
   reported?
 * Thanks & regards,
    Nitin Venkatesh
 *   Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/)
    In
   reply to: [[Social Share Boost] Discovered security vulnerabilities](https://wordpress.org/support/topic/discovered-security-vulnerabilities-2/)
 *  Thread Starter [nitstorm](https://wordpress.org/support/users/nitstorm/)
 * (@nitstorm)
 * [10 years, 11 months ago](https://wordpress.org/support/topic/discovered-security-vulnerabilities-2/#post-6182262)
 * Thank you Garrett for the update. As mentioned in the e-mail conversation, a 
   disclosure with the Proof-of-Concept code will be published on Aug 9, 2015 (45
   days from the day of update release).
 * Thanks & regards,
    Nitin Venkatesh
 *   Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/)
    In
   reply to: [[Responsive Slider - Image Slider - Slideshow for WordPress] No response to email](https://wordpress.org/support/topic/no-response-to-email/)
 *  Thread Starter [nitstorm](https://wordpress.org/support/users/nitstorm/)
 * (@nitstorm)
 * [10 years, 11 months ago](https://wordpress.org/support/topic/no-response-to-email/#post-6160448)
 * Hi,
 * I’m glad to hear that the issues have been fixed. I have contacted you by email.
   Hope you received it.
 * Thanks & regards,
    Nitin Venkatesh
 *   Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/)
    In
   reply to: [[Social Share Boost] Discovered security vulnerabilities](https://wordpress.org/support/topic/discovered-security-vulnerabilities-2/)
 *  Thread Starter [nitstorm](https://wordpress.org/support/users/nitstorm/)
 * (@nitstorm)
 * [10 years, 11 months ago](https://wordpress.org/support/topic/discovered-security-vulnerabilities-2/#post-6182258)
 * Hi Garrett,
 * Thank you. I have written to you at the specified contact form. Please do get
   back to me should you require any further information.
 * Thanks & regards,
    Nitin
 *   Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/)
    In
   reply to: [[Global Gateway e4 | Payeezy Gateway |] Discovered security vulnerabilities](https://wordpress.org/support/topic/discovered-security-vulnerabilities-5/)
 *  Thread Starter [nitstorm](https://wordpress.org/support/users/nitstorm/)
 * (@nitstorm)
 * [10 years, 12 months ago](https://wordpress.org/support/topic/discovered-security-vulnerabilities-5/#post-6195247)
 * The point of a CSRF is hijacking an authenticated user’s session. So yes, the
   PoC will not work if the user is signed out.
 * And CSRF is indeed a security vulnerability. In fact, it’s among OWASP’s Top 10 –
   [https://www.owasp.org/index.php/Top_10_2013-A8-Cross-Site_Request_Forgery_(CSRF)](https://www.owasp.org/index.php/Top_10_2013-A8-Cross-Site_Request_Forgery_(CSRF))
 *   Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/)
    In
   reply to: [[WP Mass Delete] Discovered security vulnerabilities](https://wordpress.org/support/topic/discovered-security-vulnerabilities-8/)
 *  Thread Starter [nitstorm](https://wordpress.org/support/users/nitstorm/)
 * (@nitstorm)
 * [10 years, 12 months ago](https://wordpress.org/support/topic/discovered-security-vulnerabilities-8/#post-6219864)
 * Thank you,
 * A disclosure regarding this issue will be published on August 4, 2015 (45 days
   from patch) and I will try to get a CVE assigned to the issue.
 *   Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/)
    In
   reply to: [[CyberSEO Lite - RSS, News Feeds, Video Feeds, Autoblogging, SEO and More!] Discovered security vulnerabilities](https://wordpress.org/support/topic/discovered-security-vulnerabilities-7/)
 *  Thread Starter [nitstorm](https://wordpress.org/support/users/nitstorm/)
 * (@nitstorm)
 * [10 years, 12 months ago](https://wordpress.org/support/topic/discovered-security-vulnerabilities-7/#post-6219863)
 * I’m very sorry to hear that. And no, I’m not happy. I have no reason to be. I
   was forced to escalate the situation to the WordPress team since I hadn’t heard
   from you in a long time or received an acknowledgement. The timeline was as follows:
   
 * 2015-06-06 – Mailed developer
 * 2015-06-11 – Contacted developer on the forums.
 * 2015-06-19 – Mailed WordPress team.
 * That said, there are a lot of other online marketplaces for WordPress Plugins
   and Themes including Envato – [http://market.envato.com/](http://market.envato.com/).
   You could also host your svn tree at GitHub/BitBucket.
 * Once again, I’m sorry to hear about your plugin.
 *   Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/)
    In
   reply to: [[CyberSEO Lite - RSS, News Feeds, Video Feeds, Autoblogging, SEO and More!] Discovered security vulnerabilities](https://wordpress.org/support/topic/discovered-security-vulnerabilities-7/)
 *  Thread Starter [nitstorm](https://wordpress.org/support/users/nitstorm/)
 * (@nitstorm)
 * [10 years, 12 months ago](https://wordpress.org/support/topic/discovered-security-vulnerabilities-7/#post-6219859)
 * Hi,
 * I agree with you that it is the responsibility of the person installing a plugin
   to use only reliable feeds. I’ve replied to your comment via an e-mail since 
   it deals with the specifics of the report. Please do read it and you’ll see that
   it is indeed a legitimate vulnerability.
 *   Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/)
    In
   reply to: [[Global Gateway e4 | Payeezy Gateway |] Discovered security vulnerabilities](https://wordpress.org/support/topic/discovered-security-vulnerabilities-5/)
 *  Thread Starter [nitstorm](https://wordpress.org/support/users/nitstorm/)
 * (@nitstorm)
 * [10 years, 12 months ago](https://wordpress.org/support/topic/discovered-security-vulnerabilities-5/#post-6195244)
 * Hi,
 * Still waiting for an update on the fix. Please do respond soon as the vulnerability
   details are public as per your previous request.
 *   Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/)
    In
   reply to: [[Analyticator] Discovered security vulnerabilities](https://wordpress.org/support/topic/discovered-security-vulnerabilities-1/)
 *  Thread Starter [nitstorm](https://wordpress.org/support/users/nitstorm/)
 * (@nitstorm)
 * [10 years, 12 months ago](https://wordpress.org/support/topic/discovered-security-vulnerabilities-1/#post-6182251)
 * Hi Garrett,
 * Thank you for publishing the fix. Since the issue was made public a while back,
   I’d like to publish a disclosure report on the Full Disclosure mailing list and
   then request for a CVE in the oss-sec mailing list. I hope this is okay with 
   you.
 * Nitin
 *   Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/)
    In
   reply to: [[Social Share Boost] Discovered security vulnerabilities](https://wordpress.org/support/topic/discovered-security-vulnerabilities-2/)
 *  Thread Starter [nitstorm](https://wordpress.org/support/users/nitstorm/)
 * (@nitstorm)
 * [11 years ago](https://wordpress.org/support/topic/discovered-security-vulnerabilities-2/#post-6182246)
 * Hi Plugin Authors,
 * Could you please acknowledge this thread and is there an email ID I can send 
   the report to?
 * Nitin
