|
Full Disclosure
mailing list archives
Re: A question for the list - WordPress plugin inspections
From: Henri Salo <henri () nerv fi>
Date: Thu, 20 Feb 2014 09:53:56 +0200
On Wed, Feb 19, 2014 at 08:58:49PM +0000, Harry Metcalfe wrote:
Hi Seth,
There really isn't time for us to do that, in the context of an
inspection. It's a very light-touch assessment.
When we find vulnerabilities we do also report those, after working
with the vendor. And they are more detailed. For example:
https://security.dxw.com/advisories/moving-any-file-php-user-has-access-to-in-bp-group-documents-1-2-1/
Harry
People behind plugins () wordpress org can help you with coordination. They can
also disable plugins so that there won't be new installations before maintainer
fixes issues. Note that security@ address should not be contacted when dealing
with plugin issues. It is important to get vulnerabilities fixed in upstream
codebase. I can also help you with communication, verification and such in my
own time.
---
Henri Salo
Attachment:
signature.asc
Description: Digital signature
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
 By Date 
By Thread
Current thread:
| 
