Hacker News
- Adding Defense-in-Depth against PHP Object Injection in the Core https://core.trac.wordpress.org/ticket/62970 2 comments wordpress
- Securing WordPress Against Infrastructure/Supply-Chain Attacks (Feedback Sought from /r/netsec) https://core.trac.wordpress.org/ticket/39309#comment:21 24 comments netsec
- I thought the Wordpress Bug that led to the worm was somehow difficult or complicated. But its much worse - they just forgot to check for the permissions on ALL option-pages in admin http://core.trac.wordpress.org/changeset/11762 124 comments programming