Moderator
Jan Dembowski
(@jdembowski)
Forum Moderator and Brute Squad
Anyone can tell me how I can contact a developer plugin to give to him information about possible vulnerabilities that I found in its plugin.
Contacting a plugin developer directly is often not possible for users.
I also contact plugins(at)ww.wp.xz.cn about that, but no answer I obtained.
You’ve done the right thing and will have to wait for a reply from the plugins team. It’s not a large team and you need to be patient. You’ll get a reply. 😉
I also contact plugins(at)ww.wp.xz.cn about that, but no answer I obtained.
You’ve done the right thing and will have to wait for a reply from the plugins team. It’s not a large team and you need to be patient. You’ll get a reply. 😉
Ok, but a month has already passed… Initially I posted a message in “Support plugin’s website”, asking to contact me. However, you had the kindness of removing all my posts…
The vulnerabilities that I found will be published in a scientific paper about security, in a prestige international conference, and I would like to contact the plugins developers to confirm the vulnerabilities and before becoming public… it is the best practice…
Regards,
iberiam
did you post on the support forum for the plugin saying “contact me” explaining why the author should contact you?
Look at the plugin author. it might have social media accounts or his/her own website.
The message that I posted in the support forum for the plugin was the following:
——
subject: Possibility of some vulnerabilities in your plugin
Hi,
Possibly I found some vulnerabilities in plugin <name of WP plugin and version>. Please contact me by other channel to send you the report of these vulnerabilities.
my email: my_email(at)mail.com
Kind regards,
—-
So, why developers should not contact me ?!… Besides, I had already used this procedure another time, and developers contacted me.
And of course, I just posted a message to the plugins that no author had contact in plugins site.
Hiya,
If you sent the email a month ago to the plugins team, you can probably send a new one asking for an update, also did you send the actual problem, or did you ask them to contact you to be told the problem?
The post to the plugin authors forum was redacted (we don’t allow people posting their contact details like that), which is probably why noone there contacted you back.
