Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <62f8eb68-dacf-4259-b3c0-da9f4242a986@oracle.com>
Date: Tue, 20 Jan 2026 14:49:18 -0800
From: Alan Coopersmith <alan.coopersmith@...cle.com>
To: oss-security@...ts.openwall.com,
        mohammed gaming 222 <craftmohammed460@...il.com>
Subject: Re: WordPress Plugin "Under Construction & Maintenance
 Mode": Exposed debug functionality

On 1/20/26 05:31, mohammed gaming 222 wrote:
> Hello OSS-Security Team,
> 
> I would like to responsibly disclose a security vulnerability identified in
> the WordPress plugin *Under Construction & Maintenance Mode*.
> 
> ------------------------------
> Disclosure Timeline
> 
>     - Vulnerability discovered through manual security testing
>     - Advisory published through community channels
>     - No active exploitation observed at the time of disclosure
> 
> ------------------------------

Your timeline is missing the dates these events happened - and most importantly
it's missing if/when you notified the vendor.  It's not "responsible disclosure"
if you haven't told the people who can actually fix the problem - as Moritz
noted, Wordpress plugins are mostly an entirely different ecosystem than the
folks on this list, so they're not likely to find out from a posting here.

-- 
         -Alan Coopersmith-                 alan.coopersmith@...cle.com
          Oracle Solaris Engineering - https://blogs.oracle.com/solaris

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.