Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

It's in the title? It's the official GravityForms plugin, supposedly version 2.9.13 fixes the issue, but the changelog [0] doesn't even mention the breach.

[0] https://docs.gravityforms.com/gravityforms-change-log/



Honestly it still required a web search on my part to figure out it’s a WordPress plugin. That should be in the title.


Any time I read the words vulnerable and plugin I just assume WordPress is involved somehow. I'm convinced that the internet would be instantly more secure if the entire platform died off.


It would.

It also would be a lot less useful. A lot of content is published through WordPress.

I suspect an effective approach would be encouraging ways to make WP more secure, or publish a secure platform that can easily be transitioned from WP.


Wordpress dominates internet outside megacorps. There are a lot of security issues but there is a lot of utility too.


you're not suppose to editorialize or change the title per HN rules.


There's a blog post about the incident:

https://www.gravityforms.com/blog/security-incident-notice/




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: