
> A feature known as the Download Monitor plug-in created a webpage with the clear URL which provided a link to the live version, which bypassed the need for authentication. This rendered the protections on the ‘future’ function of WordPress redundant as it bypassed the required authentication needed to gain access to the pre-uploaded document.

WordPress is a nice piece of software, but the plugin situation is getting worse and worse. (Too many pending updates, premium features and constant upselling, selling of plugins to new sketchy owners...)
The main issue is that there isn't any governance to the plugin store. Once you have a plugin in there, you have free rein to do whatever you want with it. Getting it in there is a PITA though. For example, a library author and I created a plugin, but they wouldn't let me submit it because I wasn't the other author, and they wouldn't let him submit it because he wasn't me. True story.

TBF there is some scrutiny on existing plugins; the team is just extremely understaffed (it's run by volunteers after all). I got involved in a plugin that ended up getting de-listed for some minor ToS violations after several years of being "fine"; they re-reviewed the plugin with the same rigor as a new submission.

Kudos to these volunteers, but as long as one single company continues to insist on owning all the resources of the plugin and theme directories, I don't think they deserve to continue profiting from volunteer labor.

There's also the fact that Matt Mullenweg (the guy who owns Automattic) has made hostile takeovers of plugin pages before.

> WordPress is a nice piece of software, but the plugin situation is getting worse and worse

The plugin situation is a mess largely because WordPress isn't a nice piece of software.

It's popular, and functionally it's great, but the codebase is really showing its age. WordPress has never properly rearchitected because it would break plugins on a scale that would endanger its dominance.

There's a whole industry of people selling solutions to WordPress's failings, all of whom have strong incentives for it not to be properly improved.

> the codebase is really showing its age.

It's not age, it started very, very bad. If they'd fixed the horrible schema and the code a decade and a half ago, plugins would have been a lot easier to write (and a lot safer.)

My favorite current plugin woe is where it completely changes what it does but keeps the same name, and it's all a part of its 'update'.

To an outsider, its entire plugin ecosystem is so odd. Like the conversation about “nulled” plugins, where someone removes license-checking code from GPL-licensed plugins and then redistributes them, and whether that’s moral, or even legal, which of course it is, because that’s the entire point of the GPL.

> which provided a link to the live version

Even if that is the case, the backend must validate.
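The point this reply makes, as an added illustration that is not code from Download Monitor or WordPress core: a download endpoint should decide access on the server using the parent post's status and the current user's capabilities, so that knowing the direct URL is not enough. The `file_id` query parameter, the `can_download_attachment()` and `serve_protected_download()` functions and the hook-up on `template_redirect` are assumptions for this example; the WordPress core calls (`get_post`, `get_post_status`, `current_user_can`, `get_attached_file`, `wp_die`) are real.

```php
<?php
// Added example, not Download Monitor's or WordPress core's code.
// Assumption: the endpoint is ?file_id=<attachment post ID> on any page.

function can_download_attachment( $attachment_id ) {
    $attachment = get_post( $attachment_id );
    if ( ! $attachment || 'attachment' !== $attachment->post_type ) {
        return false;
    }
    // Files attached to a post inherit that post's visibility: a file on a
    // 'future' (scheduled), 'draft', 'pending' or 'private' post is only
    // served to users who may read the parent post itself.
    $parent_id = (int) $attachment->post_parent;
    if ( $parent_id && 'publish' !== get_post_status( $parent_id )
         && ! current_user_can( 'read_post', $parent_id ) ) {
        return false;
    }
    // Still require read permission on the attachment post itself.
    return current_user_can( 'read_post', $attachment_id );
}

function serve_protected_download() {
    if ( ! isset( $_GET['file_id'] ) ) {
        return; // not a download request; let WordPress render normally
    }
    $attachment_id = absint( $_GET['file_id'] );
    $path          = $attachment_id ? get_attached_file( $attachment_id ) : false;

    // One identical response for "no such file" and "not allowed", so the
    // endpoint does not reveal that scheduled content exists.
    if ( ! $attachment_id || ! can_download_attachment( $attachment_id )
         || ! $path || ! is_readable( $path ) ) {
        status_header( 404 );
        wp_die( 'Not found.', '', array( 'response' => 404 ) );
    }

    nocache_headers();
    header( 'Content-Type: ' . get_post_mime_type( $attachment_id ) );
    header( 'Content-Disposition: attachment; filename="'
            . sanitize_file_name( basename( $path ) ) . '"' );
    readfile( $path );
    exit;
}
add_action( 'template_redirect', 'serve_protected_download' ); // assumed hook-up
```

The check runs on every download regardless of which page or plugin generated the link, which is what makes the "clear URL" on a pre-uploaded document useless to an unauthenticated visitor.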
