Opened 11 months ago

Closed 11 months ago

Last modified 11 months ago

#45780 closed defect (bug) (duplicate)

Installed different plugin and ask for update from different plugin

Reported by: jk81093
Owned by:
Milestone:
Priority: normal
Severity: normal
Version:
Component: Plugins
Keywords:
Focuses: privacy
Cc:
PR Number:

Description

Very dangerous bug, it's kind of a loophole to destroy a website.
For example, I have created a custom plugin with a directory named "example", and if a plugin with the same directory (example) is available in the WordPress plugin market, then the installed plugin asks for an update, but the two plugins are different. And if we update the plugin from the popup, then the old plugin is replaced with the new plugin, but the two are different.
So if we update a plugin with some hacky code to the name of a popular plugin directory, then it's dangerous for the targeted website.

Change History (3)

#1 @Otto42
11 months ago

  • Milestone Awaiting Review deleted
  • Resolution set to wontfix
  • Status changed from new to closed

This is a known issue, but not one that is planned for a fix. Plugins are recognized by their name, slug, and the Plugin URI header. Make those different and unique for each plugin.

If you use custom plugins, name them appropriately so as to avoid conflicts. We generally recommend using your domain name in the slug if the plugin is specific to that domain. Like example-com-my-plugin or similar.
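
An added example, not part of the ticket or of WordPress core: a Python audit that applies the naming advice from comment #1 to a plugins directory. The in-house slug list, the `example.com` domain, the set of public slugs and the plugin files are all constructed for the demonstration, and checking the Plugin URI against the site's own domain is this example's assumption.

```python
import re
import tempfile
from pathlib import Path

# Approximation of WordPress plugin header parsing (headers sit in the first 8 KB of the file).
HEADER_RE = re.compile(r"^[ \t/*#@]*(Plugin Name|Plugin URI):(.*)$", re.I | re.M)

def read_headers(plugin_dir):
    """Return Plugin Name / Plugin URI from the first PHP file that declares a Plugin Name."""
    for php in sorted(Path(plugin_dir).glob("*.php")):
        text = php.read_text(errors="replace")[:8192]
        found = {k.lower(): re.sub(r"\s*(\*/|\?>).*", "", v).strip()
                 for k, v in HEADER_RE.findall(text)}
        if found.get("plugin name"):
            return found
    return {}

def audit(plugins_dir, in_house, site_domain, public_slugs):
    """Check each in-house plugin directory against the naming advice; return {slug: [issues]}."""
    prefix = site_domain.lower().replace(".", "-") + "-"  # example.com -> example-com-
    report = {}
    for slug in sorted(in_house):
        headers = read_headers(Path(plugins_dir) / slug)
        issues = []
        if slug in public_slugs:
            issues.append("slug matches a public plugin")
        if not slug.startswith(prefix):
            issues.append("slug lacks site prefix " + prefix)
        if site_domain.lower() not in headers.get("plugin uri", "").lower():
            issues.append("Plugin URI does not point at " + site_domain)
        if issues:
            report[slug] = issues
    return report

def demo():
    """Build a constructed plugins tree (one colliding slug, one prefixed slug) and audit it."""
    with tempfile.TemporaryDirectory() as tmp:
        for slug, uri in [("example", ""), ("example-com-my-plugin", "https://example.com/my-plugin")]:
            d = Path(tmp) / slug
            d.mkdir()
            lines = ["<?php", "/*", " * Plugin Name: My Plugin"]
            if uri:
                lines.append(" * Plugin URI: " + uri)
            (d / (slug + ".php")).write_text("\n".join(lines + [" */", ""]))
        return audit(tmp, {"example", "example-com-my-plugin"}, "example.com", {"example", "akismet"})

if __name__ == "__main__":
    for slug, issues in demo().items():
        print(slug, "->", "; ".join(issues))
```

On a real site, `public_slugs` would be filled from the public plugin directory and `in_house` from the list of plugins the site owner maintains.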

#3 @SergeyBiryukov
11 months ago

  • Resolution changed from wontfix to duplicate
  • Severity changed from critical to normal

Hi there, welcome to WordPress Trac! Thanks for the report.

We are already tracking this behavior and approaches to solving it in #32101.

Also related: #14179, #23318.