Note: I’ll be using Hello Dolly as my example ‘bad’ plugin for this post. It’s fine and not (to my knowledge) vulnerable.

There are a few reasons people report plugins but the main two are as follows:

Guideline violations
Security vulnerabilities

If you report a plugin, you can make everyone’s life easier if you do the following:

Verify that it’s still applicable

Before you do anything, check if the exploit is on the latest version of the code or not. If it’s not, we may not do anything about it, depending on how popular the plugin is.

Use a good subject line

“Plugin Vulnerability” is actually not good at all. “Plugin Vulnerability in Hello Dolly – 0 Day” is great.

Send it in plain text

SupportPress is a simple creature. It doesn’t like your fancy fonts and inline images. Attachments are fine, but we cannot read your ‘Replies in-line in red’ so just keep it simple.

Link to the plugin

https://wordpress.org/plugins/hello-dolly/

Yes, it’s that easy. Put the URL on its own line, no punctuation around it, for maximum compatibility. With over 35k plugins, and a lot with similar names, don’t assume, link. If the plugin is not hosted on WordPress.org, I’m sorry, but there’s nothing we can