Make WordPress Core

Opened 10 months ago

Closed 10 months ago

Last modified 10 months ago

#41865 closed defect (bug) (invalid)

Have not received response at Hackerone

Reported by: zhk Owned by:
Milestone: Priority: normal
Severity: normal Version: 4.8.1
Component: General Keywords:
Focuses: Cc:


Hi team, I've submit a security at Hackerone, 5 days passed, but I have not received any response again.

Change History (2)

#1 @SergeyBiryukov
10 months ago

  • Milestone Awaiting Review deleted
  • Resolution set to invalid
  • Status changed from new to closed

Hi @zhk, thank you for the report! It's being looked into, the security team will reply when they have a chance.

#2 @aaroncampbell
10 months ago

Hey @zhk,

I appreciate your help in keeping WordPress secure. I looked at the HackerOne report and, while you're right that it hasn't had a response in five days, there had been responses from people on our team eight days ago. It is being looked at.

However, the WordPress core Trac is not the place to get updates on HackerOne reports. Security issues shouldn't be discussed or referenced in public places until they have been resolved and disclosed. Please keep the questions, even ones for updates, on the HackerOne report. Each comment you make there is piped into our security slack channel and gets in front of the eyes of our whole team.

Thanks, Aaron WordPress Security Team Lead

Note: See TracTickets for help on using tickets.