WP Tavern › Forums › Create Topic
Julien (@julien731) That’s true @Otto, but isn’t it restrictive to only say that about 3rd party libraries? I mean, if someone releases a plugin on WP.org and never updates it, when a security issue arises, like say an XSS vulnerability with add_query_arg(), then the security issue remains… Updating plugins / themes is the responsibility of the author, and this includes updating 3rd party dependencies. Not updating a plugin is just like not updating a dependency in terms of risks IMO.
Julien (@julien731)
That’s true @Otto, but isn’t it restrictive to only say that about 3rd party libraries? I mean, if someone releases a plugin on WP.org and never updates it, when a security issue arises, like say an XSS vulnerability with add_query_arg(), then the security issue remains…
Updating plugins / themes is the responsibility of the author, and this includes updating 3rd party dependencies. Not updating a plugin is just like not updating a dependency in terms of risks IMO.
Name *
Email *
Website:
Topic Title (Maximum Length: 80):
Forum: — No forum —AI and WordPress Articles Blocks Showcase Discussions Events Introductions Jobs and Working in WordPress Podcast Episodes Site and Block Editor
Enter your email address to subscribe to this blog and receive notifications of new posts by email.
Email Address
Submit
Enter the destination URL
Or link to existing content