2013-10-08, 04:55 AM
I think we should have a news feed where if the MyBB team finds a new vulnerability in a plugin and if the plugin gets removed, a feed should be posted informing MyBB software users in ACP that there was a new vulnerable plugin removed from the mods site and if they are using the plugin, it's recommend they remove the plugin.
I understand that we have a sticky for known vulnerable plugins but think about this. If you are a successful webmaster and way too busy to check out the MyBB community forums and your site is using a plugin that is vulnerable however no update(s) available on the mods site, you wouldn't know about it and anyone can then break into your website due to the vulnerable plugin. It would be hard for the webmaster to visit MyBB everyday to check for vulnerable plugins, I mean after all they have their own huge board to look after.
This is just a rough idea of informing webmasters about vulnerable plugins and a shoutout to protect their website(s). Off course it's up to the MyBB team on how they would like to implement this if they agree with this suggestion.
I understand that we have a sticky for known vulnerable plugins but think about this. If you are a successful webmaster and way too busy to check out the MyBB community forums and your site is using a plugin that is vulnerable however no update(s) available on the mods site, you wouldn't know about it and anyone can then break into your website due to the vulnerable plugin. It would be hard for the webmaster to visit MyBB everyday to check for vulnerable plugins, I mean after all they have their own huge board to look after.
This is just a rough idea of informing webmasters about vulnerable plugins and a shoutout to protect their website(s). Off course it's up to the MyBB team on how they would like to implement this if they agree with this suggestion.