I’m embarrassed to say this is because of a security issue, a potentially serious SQL injection vulnerability. I’ve provided a fix, and a new version should be available in the wordpress.org repository soon. [redacted link]
Thread Starter
blmbmj
(@blmbmj)
Ahh, THANK YOU VERY MUCH!
I’ve removed the link.
@davidfcarr you have the best intentions here, however telling people to download from a 3rd party is not actually a great idea. Had your account been compromised, or if you’d not had the flag of ‘plugin author’, you could have tricked users into downloading something malicious. We know, you didn’t, but the policy there is to not accidentally teach users that ‘any old link is safe because someone on the internet said so.’
Please don’t do that again.
Message received. I do want to get the corrected code out to established users ASAP. I’ve tried to follow the procedure, with changes posted to SVN and awaiting review. Do you have any visibility into how long that will take? Any likelihood of getting an updated version published today?
We give security re-reviews priority. But we also require that the plugin be safe to reopen. So it depends on if the reviewer finds any other issues (the initial report did state it was NOT a full review, and asked you to do one yourself).
Update: I provided a second set of fixes to wordpress.org plugin review team volunteers this morning. I’ve worked through a few issues with them and hope to see those updates available for download soon.
RSVPMaker is back in the wordpress.org plugins repository as of last night. Please update ASAP.