Full Disclosure mailing list archives

Re: A question for the list - WordPress plugin inspections

From: Henri Salo <henri () nerv fi>
Date: Thu, 20 Feb 2014 09:53:56 +0200

On Wed, Feb 19, 2014 at 08:58:49PM +0000, Harry Metcalfe wrote:

Hi Seth,

There really isn't time for us to do that, in the context of an
inspection. It's a very light-touch assessment.

When we find vulnerabilities we do also report those, after working
with the vendor. And they are more detailed. For example:

https://security.dxw.com/advisories/moving-any-file-php-user-has-access-to-in-bp-group-documents-1-2-1/

Harry


People behind plugins () wordpress org can help you with coordination. They can
also disable plugins so that there won't be new installations before maintainer
fixes issues. Note that security@ address should not be contacted when dealing
with plugin issues. It is important to get vulnerabilities fixed in upstream
codebase. I can also help you with communication, verification and such in my
own time.

---
Henri Salo

Attachment: signature.asc
Description: Digital signature

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Current thread:

A question for the list - WordPress plugin inspections Harry Metcalfe (Feb 19)
- Re: A question for the list - WordPress plugin inspections Seth Arnold (Feb 19)
  - Re: A question for the list - WordPress plugin inspections Harry Metcalfe (Feb 19)
    - Re: A question for the list - WordPress plugin inspections Thomas MacKenzie (Feb 19)
    - Re: A question for the list - WordPress plugin inspections Henri Salo (Feb 20)
  - Re: A question for the list - WordPress plugin inspections Jerome Athias (Feb 20)
    - Re: A question for the list - WordPress plugin inspections Harry Metcalfe (Feb 20)
    - Re: A question for the list - WordPress plugin inspections Jerome Athias (Feb 20)