• Hi,
    Are there any rules about triaging security vulnerabilities in plugins?

    I was a fan of Form Lightbox, a simple plugin that let you embed a form in a lightbox.

    There’s a giant security hole in the plugin. I’ve had 4 sites exploited using it. A simple Google search reveals a number of others that have been bitten.

    If www.remarpro.com pull the plugin, and the author fails to patch it and make it available again, can someone else step up, take it over and issue a patch?

    Otherwise, those affected are left high and dry (until they find out how their sites are being pwned, by other means).

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘Plugin disappears from repo as vulnerability is revealed?’ is closed to new replies.