
172 points ValentineC | 3 comments
discostrings ◴[] No.41821577[source]
Blog post on wordpress.org concerning this: https://wordpress.org/news/2024/10/secure-custom-fields/
replies(5): >>41821660 #>>41821693 #>>41821701 #>>41823726 #>>41825054 #
smarx007 ◴[] No.41821701[source]
> This update is as minimal as possible to fix the security issue.

What is the actual issue? CVE number?

replies(4): >>41821713 #>>41821766 #>>41821803 #>>41821830 #
1. Sebguer ◴[] No.41821766[source]
Details haven't been made public yet: https://www.cve.org/CVERecord?id=CVE-2024-9529

Though, Automattic posted publicly that there was a vulnerability shortly after filing the CVE, while simultaneously blocking WPEngine from being able to push a fix to it because they'd cut off access to wp.org

replies(1): >>41824939 #
2. FireBeyond ◴[] No.41824939[source]
I wonder how many Automattic resources Matt threw at ACF to find a vulnerability to catalyze this situation?
replies(1): >>41825055 #
3. ImPostingOnHN ◴[] No.41825055[source]
Same, I was imagining Gavin Belson and his warehouse full of Hooli employees scouring over the Pied Piper demo.

Similarly, this is all to resolve the personal grudge of an exceedingly rich dude who wants even more money.