Joseph Scott wrote: > This morning I turned on PuSH support for all WordPress.com blogs > -http://en.blog.wordpress.com/2010/03/03/rub-a-dub-dub-in-the-pubsubhu... > > And for WordPress.org users can do the same thing with the PuSHPress > plugin -http://wordpress.org/extend/plugins/pushpress/
I just looked at the code for the PuSHPress plugin (don't know whether that is the same code that Wordpress.com uses) and it looks to me like it does no verification when receiving an unsubscribe request. That seems like a fairly serious flaw to me. Or have I misunderstood the way the code works?
