On 1/20/26 05:31, mohammed gaming 222 wrote:
Hello OSS-Security Team,
I would like to responsibly disclose a security vulnerability identified in
the WordPress plugin *Under Construction & Maintenance Mode*.
------------------------------
Disclosure Timeline
- Vulnerability discovered through manual security testing
- Advisory published through community channels
- No active exploitation observed at the time of disclosure
------------------------------
Your timeline is missing the dates these events happened - and most importantly
it's missing if/when you notified the vendor. It's not "responsible disclosure"
if you haven't told the people who can actually fix the problem - as Moritz
noted, Wordpress plugins are mostly an entirely different ecosystem than the
folks on this list, so they're not likely to find out from a posting here.
--
-Alan Coopersmith- [email protected]
Oracle Solaris Engineering - https://blogs.oracle.com/solaris
