There has been a recent onslaught of security vulnerabilities in some popular community and premium plugins. The most recent include WordPress SEO, Pods and Gravity Forms. Each of these plugins was vulnerable to Blind SQL Injection, and all of the flaws were similar in nature. There have been several others as well, including MailPoet’s file upload vulnerability disclosed by Sucuri and the WP All Import remote code execution that I remember seeing.

I saw several tweets this morning from the founder of Gravity Forms in which he was very upset at how these vulnerabilities were disclosed. I also remember seeing a blog post from MailPoet who was upset about a vulnerability discovered in their product and how it was disclosed.

In computer security there is a term known as Responsible Disclosure. In a nutshell, “Responsible disclosure is a computer security term describing a vulnerability disclosure model. It is like full disclosure, with the addition that all stakeholders agree to allow a period of time for the vulnerability to be patched before publishing the details.” So what’s happening is that WordPress vulnerabilities are being discovered, and the person who discovers one may, may not, or may partly follow