Someone’s been on a rampage going through Wordpress plugins this week.  Yesterday there was [4/5] WordPress myGallery Plugin “myPath” File Inclusion, a highly critical security hole in the myGallery plugin.  Today there are two more, in the wordTube plugin and wp-Table plugin:

[4/5] WordPress wordTube Plugin “wpPATH” File Inclusion
[4/5] WordPress wp-Table Plugin “wpPATH” File Inclusion

Continue reading…

I totally agree with you, especially regarding the fact that the common user will not distinguish between problems based on the core system and others arising from third party solutions. I’d even add another possible problem with 3rd party addons: “Abandonware” - addons that aren’t longer supported by the developer but that are floating around and that sometimes siteowners are relying on.

While I know about the problems of thus an idea, I’d therefore favour an “EE certified addon” program for EE. Perhaps (despite of the problems, again), it would even be a great idea (from the user perspective) if the EE developers would “adopt” some 3rd party addons.

I personally found myself reducing the use of 3rd party addons in my installations due to the problems that arised when switching the installed PHP version to a newer one (think: &=). While these weren’t security related problems, they still show the need for support. Even if excluding any liability, the publishing of an addon somehow means that users are expecting that the developer will be responsible for it in the future. And moreover, not only the developer of the addon, but the developer of the CMS as well.

ms - 02 May 2007 12:10 PM

While I know about the problems of thus an idea, I’d therefore favour an “EE certified addon” program for EE. Perhaps (despite of the problems, again), it would even be a great idea (from the user perspective) if the EE developers would “adopt” some 3rd party addons.

Totally agree with an idea for an “EE Certified” Plug-in, Extension, Module, Whatevers. It may be painful to administer, but it’s long overdue and would add value to EE and the company.

I personally found myself reducing the use of 3rd party addons in my installations due to the problems that arised when switching the installed PHP version to a newer one (think: &=). While these weren’t security related problems, they still show the need for support. Even if excluding any liability, the publishing of an addon somehow means that users are expecting that the developer will be responsible for it in the future. And moreover, not only the developer of the addon, but the developer of the CMS as well.

We’ve done the same—reducing the use of 3rd party addon components. We’d love to have the extra functionality that EE doesn’t provide, but not at the expense of extra troubleshooting, extra support issues, and problems that arise following EE upgrades.

Totally agree with an idea for an “EE Certified” Plug-in, Extension, Module, Whatevers. It may be painful to administer, but it’s long overdue and would add value to EE and the company.n

Yes !

Just having some extensions and plugins implemented onto EE. Would love the work to be audited, and ee-certified by some of EE tech team or approved pros for example ?