via pluginvulnerabilities.com => original post link
For years, Mika Epstein has been causing problems for the WordPress community in their role as the head of the WordPress Plugin Review team, which controls the WordPress Plugin Directory. Thankfully, they have now left the team for largely unexplained reasons. Before they did that, they brought in new team members without allowing the WordPress community to be involved in the process. That is in line with the decidedly non open source nature of that team, which hasn’t produced good results in so many ways (one example being vulnerable plugins being pulled and returned without the vulnerabilities being fixed).
As Mika Epstein was leaving, 6 new members of the team were announced. Considering the problems with the existing team’s security reviewer, who remains on the team, we were curious to see if new security expertise was being brought in. Looking over the new team members’ WordPress profiles, we didn’t see any indications of that. But we did run across one of them with a plugin that it was fairly easy to spot as containing vulnerabilities and another concerning issue. [Read more]