Title: Rogue Coder's Replies | WordPress.org

---

# Rogue Coder


## Forum Replies Created

Viewing 14 replies - 1 through 14 (of 14 total)

 *   Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/)
    In
   reply to: [[Events Easy Calendar] Multiple critical vulnerabilities](https://wordpress.org/support/topic/multiple-critical-vulnerabilities/)
 *  Thread Starter [Rogue Coder](https://wordpress.org/support/users/roguecoder/)
 * (@roguecoder)
 * [12 years, 9 months ago](https://wordpress.org/support/topic/multiple-critical-vulnerabilities/#post-4034872)
 * I’ve tried it and got an instant response that it’s not valid. I’m going offline
   today and will be offline until next Monday. If no reply has been made I 
   will contact the one you provided. Thanks for this reply
 *   Forum: [Reviews](https://wordpress.org/support/forum/reviews/)
    In reply to:
   [[Events Easy Calendar] Should not be used](https://wordpress.org/support/topic/should-not-be-used/)
 *  Thread Starter [Rogue Coder](https://wordpress.org/support/users/roguecoder/)
 * (@roguecoder)
 * [12 years, 9 months ago](https://wordpress.org/support/topic/should-not-be-used/#post-7784392)
 * So common sense is to report to the developer only, and let users possibly be
   exploited by black hats while waiting for the fix? Sorry, but this doesn’t seem
   like common sense to me.
 * In this review I did nothing but issue a warning to users to wait for the fix
   before using this in a public environment..
 * I don’t understand what you’re really arguing about when it comes to the time
   I’ve given the developers. They’ve been given 9 days to reply and from the day
   the report is sent they’re given 14 days to fix it.. So I do believe that a total
   of 23 days is more than enough. Or?
 * I’m not wasting my time in this pointless discussion anymore, consider this my
   last message.
 *   Forum: [Reviews](https://wordpress.org/support/forum/reviews/)
    In reply to:
   [[Events Easy Calendar] Should not be used](https://wordpress.org/support/topic/should-not-be-used/)
 *  Thread Starter [Rogue Coder](https://wordpress.org/support/users/roguecoder/)
 * (@roguecoder)
 * [12 years, 9 months ago](https://wordpress.org/support/topic/should-not-be-used/#post-7784389)
 * Now that’s a weird policy.. A person finds a critical vulnerability in a plugin,
   and he’s not allowed to warn people to wait to use it until it has been patched?
   Where’s the logic in that?
 * I thought that WordPress wants their users to be safe, but how can they be if 
   ethical security researchers like myself are not allowed to inform other users
   about this without disclosing the PoCs and types of vulnerabilities. More
   people read the reviews than the Support section when downloading a plugin, because
   they want to see what people are saying about the plugin and how happy they are
   about it.
 * If/When the plugin gets fixed the review will of course be updated accordingly.
 * I mean, it would have been a whole different story if I had published the report
   to Bugtraq or Full Disclosure by now. That could become truly devastating. But
   since I work by ethical rules this won’t happen. The developers are _always_ 
   given a proper deadline to reply and fix the issues before the report goes public.
 *   Forum: [Reviews](https://wordpress.org/support/forum/reviews/)
    In reply to:
   [[Events Easy Calendar] Should not be used](https://wordpress.org/support/topic/should-not-be-used/)
 *  Thread Starter [Rogue Coder](https://wordpress.org/support/users/roguecoder/)
 * (@roguecoder)
 * [12 years, 9 months ago](https://wordpress.org/support/topic/should-not-be-used/#post-7784387)
 * Well yes obviously I’m not expecting a response within 12 hours.. I’ve already
   sent a new message to the developers (through the support section with “This 
   topic is not a support question” checked) before sending this, that I’m giving
   them 9 days to respond.. Until next Monday.
 * All I said in this review was that I have contacted the developers to be able
   to get a valid address to send the report to, and that people should wait to 
   use this in a public environment until a fix has been released because of the
   vulnerabilities.
 * This is my way to try to help users of the WordPress platform to stay as secure
   as possible, by investigating newly uploaded/updated plugins every single day, 
   and sending reports to the developers. Sadly, many developers completely ignore
   this and leave their users vulnerable.
 *   Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/)
    In
   reply to: [[HMS Testimonials] Multiple critical vulnerabilities found](https://wordpress.org/support/topic/multiple-critical-vulnerabilities-found/)
 *  Thread Starter [Rogue Coder](https://wordpress.org/support/users/roguecoder/)
 * (@roguecoder)
 * [12 years, 9 months ago](https://wordpress.org/support/topic/multiple-critical-vulnerabilities-found/#post-4008071)
 * I just wanted to stop by and say that I’ve tested 2.0.11 and the vulnerabilities
   are indeed secured 🙂
 *   Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/)
    In
   reply to: [[HMS Testimonials] Multiple critical vulnerabilities found](https://wordpress.org/support/topic/multiple-critical-vulnerabilities-found/)
 *  Thread Starter [Rogue Coder](https://wordpress.org/support/users/roguecoder/)
 * (@roguecoder)
 * [12 years, 9 months ago](https://wordpress.org/support/topic/multiple-critical-vulnerabilities-found/#post-4008054)
 * You’re welcome. I will upgrade my version and test it as well.
 *   Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/)
    In
   reply to: [[Hack me if you can] Short tags?](https://wordpress.org/support/topic/short-tags/)
 *  Thread Starter [Rogue Coder](https://wordpress.org/support/users/roguecoder/)
 * (@roguecoder)
 * [12 years, 9 months ago](https://wordpress.org/support/topic/short-tags/#post-4008031)
 * Sounds good.. I’ll check it later tonight
 *   Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/)
    In
   reply to: [[Hack me if you can] Short tags?](https://wordpress.org/support/topic/short-tags/)
 *  Thread Starter [Rogue Coder](https://wordpress.org/support/users/roguecoder/)
 * (@roguecoder)
 * [12 years, 9 months ago](https://wordpress.org/support/topic/short-tags/#post-4008028)
 * Then I suggest you explain why this appears when I try to save
 * `http://wordpress/wp-admin/<?echo $_SERVER['REQUEST_URI'];?>`
 *   Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/)
    In
   reply to: [[HMS Testimonials] Multiple critical vulnerabilities found](https://wordpress.org/support/topic/multiple-critical-vulnerabilities-found/)
 *  Thread Starter [Rogue Coder](https://wordpress.org/support/users/roguecoder/)
 * (@roguecoder)
 * [12 years, 9 months ago](https://wordpress.org/support/topic/multiple-critical-vulnerabilities-found/#post-4008024)
 * Yeah might be.. That’s good
 *   Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/)
    In
   reply to: [[HMS Testimonials] Multiple critical vulnerabilities found](https://wordpress.org/support/topic/multiple-critical-vulnerabilities-found/)
 *  Thread Starter [Rogue Coder](https://wordpress.org/support/users/roguecoder/)
 * (@roguecoder)
 * [12 years, 9 months ago](https://wordpress.org/support/topic/multiple-critical-vulnerabilities-found/#post-4008021)
 * Roger.. I’ll send it there
 *   Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/)
    In
   reply to: [[HMS Testimonials] Multiple critical vulnerabilities found](https://wordpress.org/support/topic/multiple-critical-vulnerabilities-found/)
 *  Thread Starter [Rogue Coder](https://wordpress.org/support/users/roguecoder/)
 * (@roguecoder)
 * [12 years, 9 months ago](https://wordpress.org/support/topic/multiple-critical-vulnerabilities-found/#post-4008016)
 * Refreshed the page and still the same error
 *   Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/)
    In
   reply to: [[HMS Testimonials] Multiple critical vulnerabilities found](https://wordpress.org/support/topic/multiple-critical-vulnerabilities-found/)
 *  Thread Starter [Rogue Coder](https://wordpress.org/support/users/roguecoder/)
 * (@roguecoder)
 * [12 years, 9 months ago](https://wordpress.org/support/topic/multiple-critical-vulnerabilities-found/#post-4008014)
 * Your contact form is flawed… I get this when trying to send.
 * ——
    Forbidden
 * You don’t have permission to access /contact/ on this server.
 * Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument
   to handle the request.
    ——-
 * You want me to disclose it here? If not give me somewhere else to send it. I 
   don’t think you would like this to be public before it’s patched to be honest
 *   Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/)
    In
   reply to: [[HMS Testimonials] Multiple critical vulnerabilities found](https://wordpress.org/support/topic/multiple-critical-vulnerabilities-found/)
 *  Thread Starter [Rogue Coder](https://wordpress.org/support/users/roguecoder/)
 * (@roguecoder)
 * [12 years, 9 months ago](https://wordpress.org/support/topic/multiple-critical-vulnerabilities-found/#post-4008012)
 * I will send another message through the contact-us form with all the content
 *   Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/)
    In
   reply to: [[Usernoise modal feedback / contact form] Vulnerability affecting admins](https://wordpress.org/support/topic/vulnerability-affecting-admins/)
 *  Thread Starter [Rogue Coder](https://wordpress.org/support/users/roguecoder/)
 * (@roguecoder)
 * [12 years, 10 months ago](https://wordpress.org/support/topic/vulnerability-affecting-admins/#post-3931774)
 * Indeed it is yes, but I really do not understand why you allow tags in the summary
   at all.
