Last week two very popular plugins, WooCommerce and WordPress SEO, identified, fixed, and disclosed security issues. The details of these vulnerabilities are now publicly available, which allows other developers to learn from their mistakes. In a previous article for Torque, I discussed the importance of responsibly disclosing security issues.

To get a better understanding of this in relation to the recent vulnerabilities I reached out to James Golovich, a WordPress developer who recently discovered security issues in WP All Import, Easy Digital Downloads, and IgnitionDeck as well as several other plugins and themes, which he details on his highly informative blog. James’ site not only educates developers on how to avoid making the same mistakes, but also provides an excellent example of responsible disclosure and good cooperation where developers act swiftly to protect their users.

Lately, there have been lots of security vulnerability disclosures in several WordPress plugins. And, while publicly announcing these vulnerabilities may damage WordPress’ reputation, the speed at which these issues are being resolved shows the strength of our community. No software is perfect or will ever