Hello Ryan,
when you look at
http://wordpress.org/extend/plugins/...-one-seo-pack/
you will see the last update:
"Last Updated: 2009-12-20"
This thread started in January, so it does not look to be updated.
Oh, well that's just weird. I thought I saw code changes in there the other week. I must have imagined it :p
I have no idea why that would be. A bit long for a security update to not transfer through. Maybe that data is old? Or, he just updated the commercial version and that's it?
WP TurnKey - Turn-Key WordPress installation and maintenance services
WordPress user since 2005 | @chip_bennett | chipbennett.net | cbnet Plugins
As of a few seconds ago ...
It might be a bit embarrassing for WordPress to pull the single most downloaded plugin ... which even more so strikes as an "old boys network"
All in One SEO Pack Downloaded 4,370,000 times
It would reflect badly if the most downloaded plugin was yanked due to security problems.
Also means that no programmer has ever looked at the code =).
I'm positive that's the reason that AIOSEO was not treated in the same manner as its less-popular fork.
The reasoning, of course, is exactly backwards:
The overall risk of an extremely minor fork that exposes, let's say, a few hundred WordPress users to the alleged vulnerability is minuscule compared to the overall risk of AIOSEO, which exposes over four million WordPress users to the alleged vulnerability.
Yet, it was the minuscule-risk plugin that was yanked, and the massively popular (and thus, massive-risk) plugin was left completely alone.
WP TurnKey - Turn-Key WordPress installation and maintenance services
WordPress user since 2005 | @chip_bennett | chipbennett.net | cbnet Plugins
Granted I've only been skimming this issue, but I was under the impression that the minor fork had actually removed a pile of security checks that were in the original, and that was why it was yanked.