Diagnostic Tool Vulnerability – Fixed

We have been developing websites since 2004 and in that time we have had a bash at creating our own content management systems. In turn we have dabbled with Joomla and have tickled one or two other systems such as Expression Engine before going the whole hog with WordPress. By 2008 we were creating WordPress websites on a regular basis. Since that time we have run into numerous problems that have kept cropping up time and time again. Then one day some bright spark suggested that we create a plug-in to help resolve those niggly WordPress problems, and so the Diagnostic Tool was born. The plug-in can be found here: https://wordpress.org/plugins/diagnostic-tool/

As with any software development you tend to concentrate on the problems at hand, and external factors can be beyond your immediate vision. One of the good things about the WordPress ecosystem is the fact that we have a million eyeballs looking out for stuff… and sure enough we had left ourselves open to some nasties. David Tomaschik kindly contacted our development team to point out some XSS and CSRF vulnerabilities, which we duly fixed with some urgency. So a hat tip to David at systemoverlord.com for his assistance. It is good to know that people care enough to keep the WordPress playground safe!

To find out more about the exact issues, please see David’s post here:
https://systemoverlord.com/blog/2014/07/04/cve-2014-4182-cve-2014-4183-xss-xsrf-in-wordpress-diagnostic-tool-plugin/