Sohei Iwahori
Forum Replies Created
-
Forum: Plugins
In reply to: [MF Gig Calendar] Reported critical vulnerability fix? Plugin abandoned?I’m not sure is this thread is the right place to suggest, though how about adding me as a maintainer for this plugin?
My motivations is jto use this plugin for my maintaining site ( mentioned in another thread ) for long term.
If there is not plan for major updates, I could fix some vulnerabilities and keep it running on new PHP versions as much as I can.
Lets say, if new critical vulnerability has found in the future, and you’re so busy to fix it, I may fix it by myself to use it for my maintaining site, but it can be more beneficial for other users in that way.
Please have a think about it.
Thanks.
Forum: Plugins
In reply to: [MF Gig Calendar] Reported critical vulnerability fix? Plugin abandoned?Just as a third party IT engineer, I want to add a quick note about the vulnerability.
As I checked the report, it seems like this vulnerability requires a privilege at least as contributor.
Thus it does not mean every visitor can break the database or steal information from it(of course it should be fixed though), so users who manage the site just by themselves or by trusted people would not be affected at least just using it normally at least with this vulnerability.
IMO it is also an issue that this plugin does not require a proper privilege to mange the plugin setting, it should be done by only administrators.
- This reply was modified 2 years, 4 months ago by Sohei Iwahori.