blindsidenetworks / wordpress-plugin_bigbluebutton

BigBlueButton Wordpress Integration
GNU General Public License v2.0

Security contact #97

Open mal-tee opened 5 months ago

mal-tee commented 5 months ago

Hello maintainer(s),

I am a security researcher from the Institute of Application Security at TU Braunschweig, Germany. We discovered a (potential) security vulnerability in your project.

We would like to report this vulnerability to you in a responsible and ethical manner. Therefore, we do not want to disclose any details of the vulnerability publicly until you have had a chance to review and fix it.

Could you please let us know your preferred way of receiving security reports?

You can contact us at ias-disclosure@tu-braunschweig.de or by replying to this issue.

Thank you for your attention and cooperation.

cherbst commented 3 months ago

This issue is fixed in our fork: https://github.com/blindsidenetworks/wordpress-plugin_bigbluebutton/commit/1c0c97401eb5fbc91c541a61b3217555322a16ca

mal-tee commented 3 months ago

Dear maintainer(s),

I am getting in touch again to ask you for a security contact. We want to disclose a (potential) security vulnerability in your project responsibly. Feel free to respond with your preferred method of disclosure in this issue or via email: ias-disclosure@tu-braunschweig.de

Please note that we anticipate releasing our findings later this year.

Thank You

This issue is fixed in our fork: 1c0c974

This fix seems unrelated to the issue we found.

cherbst commented 3 months ago

So the issue you found is not the one described in: https://wpscan.com/vulnerability/8bb35d84-47c1-4b26-b6f2-6cf97e358c9b/ ? Can you post the WPVDB entry related to the issue you found?

mal-tee commented 3 months ago

Can you post the WPVDB entry related to the issue you found?

There is none. I am trying to disclose this issue atm.

If you can provide me with a link to your fork, I can check if it persists there as well.

cherbst commented 3 months ago

That's our fork: https://github.com/konnektiv/wordpress-plugin_bigbluebutton