oss-sec mailing list archives
Re: WordPress Plugin "Under Construction & Maintenance Mode": Exposed debug functionality
From: Hanno Böck <hanno () hboeck de>
Date: Wed, 21 Jan 2026 11:51:26 +0100
On Tue, 20 Jan 2026 19:26:57 +0000 Moritz Mühlenhoff <jmm () inutil org> wrote:
> But on a more general level, please let's avoid posting WordPress plugin vulnerabilities on oss-sec. Looking at the Debian Security Tracker there have been 9773 CVE IDs on WordPress plugins in 2025, they are not packaged in any Linux distribution and posting a few individual ones really misses the "There has to be desirable information for others in the Open Source community" aspect of the list charter.

Erh... I disagree.

* My understanding of the oss-security list is that it is about the wider Open Source ecosystem, not limited to "stuff packaged in Linux distributions".
* WordPress plugin security is certainly part of Open Source security, and, IMHO, a relevant topic and completely on-topic on this list.
* We currently do not have a problem with a flood of WordPress plugin security issues posted to this list. If that would be a problem, we could deal with it by having a separate list for it, but until then, I think it's completely fine to have such posts every now and then.
* My experience with WordPress plugin issues is that, unfortunately, often the public information available is quite limited. I appreciate when security researchers share information about such vulnerabilities, and, from a brief read, the original mail of this thread looks like a good description of a valid security vulnerability.

--
Hanno Böck - Independent security researcher
https://itsec.hboeck.de/
https://badkeys.info/
