yrccondor / wp-webauthn

🔒 WP-WebAuthn allows you to safely login to your WordPress site without password.
https://wordpress.org/plugins/wp-webauthn
GNU General Public License v3.0
128 stars 15 forks source link

Not in WP Plugins Directory #75

Open alexclst opened 1 month ago

alexclst commented 1 month ago

I use this plugin and just realized when trying to install it on a new site that it is no longer in the plugins directory. What is up? Will it come back?

yrccondor commented 1 month ago

Hi alexclst, earlier this week a guy found an xss issue in wp-webauthn shortcodes and reported it to wordpress, and wordpress automatically took it down temporarily. due to the standard disclosure procedure I won't talk about the details here, but please be assured this issue has very limited impact on your site's security, and the plugin should be back in few days once the issue is fixed. Very sorry for this.

yrccondor commented 1 month ago

Glad to say we are back! Together with the wordpress plugin review team, the plugin has been completely reviewed to make sure the plugin meets the wordpress security requirements and there's no other similar issue in this plugin. The wordpress plugin review team have verified the fix, and details of the issue should be disclosed in few days once wordfence validate it: https://www.wordfence.com/threat-intel/vulnerabilities/id/77247a6b-2473-4b36-9ad8-b7802e4fad32 Please check out updates of the plugin.