
Giulio

I know that this is an infinite debate that will never end, but while I agree that we have the right to know that there's a vulnerability, you don't necessarily have to give all the details of how to exploit it when you announce it.

We've already seen many researchers announce that they have found a vulnerability but then postpone all the details until a fix is published. In this way they put pressure on the developer and don't disclose too many details too early.

Saying that there is a vulnerability is right; even explaining a workaround while waiting for a fix would be good practice, but disclosing any details means putting in the hands of any script kiddie the information to play, have fun, and do some damage.
Try at least not to make the situation any worse than it already is.





