On Mon, Apr 27, 2015 at 8:55 AM, Anthony Ferrara <ircmax...@gmail.com> wrote:
> Just for clarification, was the project given a chance to fix this or > notified in any way prior to public announcement? > Apparently WordPress completely ignored all of their notification attempts. Klikki just added this paragraph to the online version of their advisory ( http://klikki.fi/adv/wordpress2.html): "WordPress has refused all communication attempts about our ongoing security vulnerability cases since November 2014. We have tried to reach them by email, via the national authority (CERT-FI), and via HackerOne. No answer of any kind has been received since November 20, 2014. According to our knowledge, their security response team have also refused to respond to the Finnish communications regulatory authority who has tried to coordinate resolving the issues we have reported, and to staff of HackerOne, which has tried to clarify the status our open bug tickets." Sigh, Fyodor _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/