Make WordPress Core

Opened 6 years ago

Closed 6 years ago

Last modified 6 years ago

#45780 closed defect (bug) (duplicate)

Installed different plugin and ask for update from different plugin

Reported by: jk81093's profile jk81093 Owned by:
Milestone: Priority: normal
Severity: normal Version:
Component: Plugins Keywords:
Focuses: privacy Cc:

Description

Very dangerous bug, its kind of a loophole to destroy website.
For example I have created custom plugin with name of "example" directory, and if in WordPress plugin market if plugin available with same directory (example) then installed plugin asked for update but both plugin are different. And if we update the plugin from the popup then old plugin replaced with new plugin but both are different.
So if we update plugin with some hacky code to the name of popular plugin directory then its dangerous for targeted website.

Change History (3)

#1 @Otto42
6 years ago

  • Milestone Awaiting Review deleted
  • Resolution set to wontfix
  • Status changed from new to closed

This is a known issue, but not one that is planned for a fix. Plugins are recognized by their name, slug, and the Plugin URI header. Make those different and unique for each plugin.

If you use custom plugins, name them appropriately so as to avoid conflicts. We generally recommend using your domain name in the slug if the plugin is specific to that domain. Like example-com-my-plugin or similar.

#3 @SergeyBiryukov
6 years ago

  • Resolution changed from wontfix to duplicate
  • Severity changed from critical to normal

Hi there, welcome to WordPress Trac! Thanks for the report.

We are already tracking this behavior and approaches to solving it in #32101.

Also related: #14179, #23318.

Note: See TracTickets for help on using tickets.