Re: SECURITY WARNING: stop using Private Messaging plugin
It’s because it is a plugin that we’re all able to patch it without upgrading the entire bbPress install itself!
I agree that it’d be nice if the top plugins had security audits of some kind. Thank goodness a user reported this and another one fixed it though – that’s exactly how open source communities should work (ideally). Thanks merlin214365 and _ck_!
I do feel dumb for just installing this plugin without even looking at the code. I’m going to do a personal security audit, and report back if any of the plugins I’m using turn up with security holes. Hopefully we can use this incident to improve the overall security of the most popular bbPress plugins!