Administration Menus

Sub Menus

Top Level Menus

Credits

Cron

Hooking Wp Cron Into The System Task Scheduler

Scheduling Wp Cron Events

Simple Testing

Understanding Wp Cron Scheduling

Developer Tools

Debug Bar And Add Ons

Helper Plugins

Hooks

Actions

Advanced Topics

Custom Hooks

Filters

Http Api

Internationalization

How To Internationalize Your Plugin

Localization

Security

Intro

What Is A Plugin

Javascript

Ajax

Enqueuing

Heartbeat Api

Jquery

Summary

Metadata

Custom Meta Boxes

Managing Post Metadata

Rendering Post Metadata

Plugin Basics

Activation Deactivation Hooks

Best Practices

Determining Plugin And Content Directories

Header Requirements

Including A Software License

Uninstall Methods

Post Types

Registering Custom Post Types

Working With Custom Post Types

Privacy

Adding The Personal Data Eraser To Your Plugin

Adding The Personal Data Exporter To Your Plugin

Privacy Related Options Hooks And Capabilities

Suggesting Text For The Site Privacy Policy

Rest Api

Controller Classes

Requests

Responses 2

Rest Api Overview

Routes Endpoints

Schema

Security

Checking User Capabilities

Data Validation

Nonces

Securing Input

Securing Output

Settings

Custom Settings Page

Options Api

Settings Api

Using Settings Api

Shortcodes

Basic Shortcodes

Enclosing Shortcodes

Shortcodes With Parameters

Tinymce Enhanced Shortcodes

Taxonomies

Split Terms Wp 4 2

Working With Custom Taxonomies

Users

Roles And Capabilities

Working With User Metadata

Working With Users

Wordpress Org

Add Your Plugin To The Block Directory

Alerts And Warnings

Block Specific Plugin Guidelines

Common Issues

Compliance Disclaimers

Detailed Plugin Guidelines

How To Use Subversion

How Your Readme Txt Works

Planning Submitting And Maintaining Plugins

Plugin Assets

Plugin Developer Faq

Plugin Security

Reporting Plugin Security Issues

Preventing Wordpress From Updating Your External Plugin

Previews And Blueprints

Release Confirmation Emails

Special User Roles Capabilities

Take Over An Existing Plugin

Transferring Your Plugin To A New Owner

Using The Forums

title: "报告插件安全问题" post_status: publish comment_status: open taxonomy: category: - developer-plugins-handbook post_tag: - Reporting Plugin Security Issues - Plugin Security - Wordpress Org

报告插件安全问题

[warning]请勿向插件团队报告 WordPress 核心的安全问题。如需报告 WordPress 自身的问题，请遵循报告安全漏洞的指引。[/warning]

如果您发现插件存在安全问题，请切勿在任何公开场合发布相关信息。即使官方安全跟踪网站已有相关报告，提高对安全问题的关注度往往会增加用户被攻击的风险，且很少能加快修复速度。

如需报告插件问题，请发送邮件至 plugins@wordpress.org，内容需包含：

对问题的清晰简明描述
具体插件的链接
您是否已亲自验证该安全问题
可选——第三方网站上任何公开披露的链接

对于严重漏洞，请遵循负责任且合理的披露原则。在向我们报告插件问题之前，应尽一切努力直接联系开发者（尽管我们理解这可能存在困难——请先检查插件源代码，许多开发者会列出其邮箱）。若无法私下联系到开发者，请直接联系我们，我们将提供协助。

大多数插件在问题解决前会被关闭以防止新用户下载。因此，在插件更新前您可能不会收到修复通知。同时，由于资源有限，我们目前不提供协助提交 CVE 的服务。您可以自行提交，但我们无法提供帮助。

若您已在公开场合发布漏洞信息并提供了报告链接，请勿删除！我们将直接将该信息转交给插件开发者。