Postman SMTP Plugin With Unpatched Vulnerability Removed From Directory

wordfence.com | Oct. 6, 2017 | 1 min read

Looks like another plugin has gone down. This time due to an XSS vulnerability.

15 votes
Plugin Vulns

The "unnamed security researcher" referred to in that is actually us, www.pluginvulnerabilities.com/2017/06/29/reflected-cross-site-scripting-xss-vulnerability-in-postman-smtp/. Wordfence didn't want people to know that we discovered the vulnerability for some reason.

Wordfence is also avoiding getting behind or even mentioning an effort to get WordPress to start alerting people directly when plugins are removed from the Plugin Directory and telling them why the plugins have been removed, wordpress.org/ideas/topic/alert-when-installed-plugins-have-been-removed-from-the-plugin-directory.