During the work on PR #1431, we realized that the uninstallation logic is way more broken than only a missing nonce, and the general user interaction flow does not properly add up. Fixing this is not only very involved, but also makes way more drastic changes to the plugin than we feel comfortable doing within the scope of a security hotfix.
To fix the currently divulged security vulnerability, we now decided to remove the uninstallation for now (which makes the missing nonce a non-issue, of course) and give ourselves the time to properly rethink the uninstallation user flow in a larger update.
Checklist
[x] Project documentation has been updated to reflect the changes in this pull request, if applicable.
[ ] I have tested the changes in the local development environment (see contributing.md).
Fixes #1426. Supersedes #1431.
This PR removes the uninstallation logic for now.
During the work on PR #1431, we realized that the uninstallation logic is way more broken than only a missing nonce, and the general user interaction flow does not properly add up. Fixing this is not only very involved, but also makes way more drastic changes to the plugin than we feel comfortable doing within the scope of a security hotfix.
To fix the currently divulged security vulnerability, we now decided to remove the uninstallation for now (which makes the missing nonce a non-issue, of course) and give ourselves the time to properly rethink the uninstallation user flow in a larger update.
Checklist
contributing.md).