| HN Mirror

Y	Hacker News new \| ask \| show \| jobs


	by liviu- 4003 days ago
	>- rarely features security issues which aren't fixed immediately I tried to use WordPress once. I downloaded a theme from wordpress.org with the assumption that themes are reviewed before making there. Nevertheless, I did some basic pentesting before putting my app live, and I quickly found a XSS vulnerability in the search bar of the theme (their paid version featured the same vulnerability). Maybe my experience is not to be generalised to WordPress in general, but it put me off.

1 comments

dr_hercules 4003 days ago

> Maybe my experience is not to be generalised to WordPress in general, but it put me off.

WordPress plug ins are - as far as I know - not reviewed. You're at the mercy of the respective developer.

link

liviu- 4003 days ago

They are, as this link seem to indicate: https://wordpress.org/plugins/add/

>Currently there are 224 plugins in the review queue, 198 of which are awaiting their initial review.

link

dr_hercules 4003 days ago

There are more than 38k plug ins available (https://en.wordpress.org/plugins/). And also from what I have seen so far - there is no extensive (if any) reviewing done regarding safety and quality.

link

lucaspiller 3998 days ago

When you first add a new plugin it is reviewed, but once it's been accepted you are free to push out whatever changes you want without review.

link