
WordPress Plugin Team Appears to Not Understand Proper Use of SQL Escaping Function esc_sql()

We recently had a strange interaction with the team running the WordPress Plugin Directory over their failure to make sure a likely exploited vulnerability was fixed. It was yet another example of their poor handling of security. That runs counter

WordPress Stops Disclosing if Plugin Directory Team Works for Automattic After at Least Two Employees Secretly Joined Team

In October 2022, after a very questionable action taken by the team running the WordPress Plugin Directory that was alleged by some to have been done to the benefit of the for-profit company from the head of WordPress, we noted that

Hacker Targeted WordPress Plugin Returns to Plugin Directory Without Update For Exploitable Vulnerability

For years, the handling of security of the WordPress Plugin Directory has been rather poor, caused by a multitude of issues. In addition to the problems with their handling of security, there hasn’t been a willingness to work with the

WordPress’ Manual Review Fails to Notice Security Provider’s Plugin Is Both Completely Broken and Is Fundamentally Insecure

When someone goes to submit a plugin to the WordPress Plugin Directory, they are told it will go through a manual review before it is allowed in: After your plugin is manually reviewed, it will either be approved or you