Robert Rowley has been monitoring insecure WordPress plugins that were vulnerable to PHP object injection on Pagely servers — and shares how they addressed the issue. There are several interesting takeaways, but I especially liked his note about communicating with plugin authors:
Plugin security reporting works, when all parties treat each other respectfully and talk about the subject and solutions at hand. I have rarely had issues helping developers understand and patch vulnerabilities found in their code – when I am able to speak directly with them that is…