@PluginVulnerabilitiesM to WordPress SecurityEnglish • 1 year agoWho could foresee that a plugin would get pulled from the WordPress plugin directory for a security issue when the developer has left in commented out security checks?imagemessage-square4arrow-up17arrow-down10
arrow-up17arrow-down1imageWho could foresee that a plugin would get pulled from the WordPress plugin directory for a security issue when the developer has left in commented out security checks?@PluginVulnerabilitiesM to WordPress SecurityEnglish • 1 year agomessage-square4
minus-square@PluginVulnerabilitiesOPMlinkEnglish3•1 year agoThis is the plugin: https://wordpress.org/plugins/sendpress/ These are security changes the developer made today, which presumably is in response to the plugin being closed for a security issue: https://plugins.trac.wordpress.org/changeset/2990357/ Here is the file from the screenshot: https://plugins.trac.wordpress.org/browser/sendpress/trunk/classes/views/class-sendpress-view-pro.php?rev=2990358 The code in that file is still missing needed security even after the security change made today.
Context please.
This is the plugin: https://wordpress.org/plugins/sendpress/ These are security changes the developer made today, which presumably is in response to the plugin being closed for a security issue: https://plugins.trac.wordpress.org/changeset/2990357/ Here is the file from the screenshot: https://plugins.trac.wordpress.org/browser/sendpress/trunk/classes/views/class-sendpress-view-pro.php?rev=2990358 The code in that file is still missing needed security even after the security change made today.
Thank you for the info