A certain Spanish blog has pointed out some security issues in these plugins that involve CSRF* and XSS* vulnerabilities. Some of the plugin authors are pissed off because the blogger didn’t contact them first about the security issues and because there’s no proof of concept. No need to panic though, because the vulnerabilities in question aren’t that dangerous and are limited to logged-in users only.
Mark Ghosh of Weblog Tools Collection announced the winners of the WordPress Plugin and Mod competition yesterday. Here are the names of the winners and their winning entries in reverse order:
The WhoSeesAds plugin lets WordPress users know who sees their blog ads. Ozh wins hosting from Pajama Mommy and a 48″ wallhog from Wallhogs.com.
WordPress Automatic Upgrade lets you automatically upgrade WordPress from your admin panel. Keith wins a Baby Hosting Plan for 1 year from Hostgator, Translator Pro 5.0, and $200 in cash.
MyDashboard makes the WordPress Dashboard customizable and skinnable. Barry wins a Swamp Hosting Plan for 1 year from Hostgator, an autographed copy of Lorelle’s new book, Blogging Tips, and $300 in cash.
OneClick is a WordPress Plugin and Firefox Extension that enables WordPress users to install themes and plugins from within the browser. Anirudh wins a Basic Dedicated Server for 6 months from Hostgator, $600 in cash, and an 8 GB iPod Nano (or cash equivalent) from Imthiaz.
All of the winning plugins are very innovative and should be very useful to WordPress users. I haven’t tried or installed any of these plugins yet, but I do plan to try them out in the next few days.
After I’ve installed and tried these WordPress plugins, I’ll probably do a review of each one. If you’ve tried any of these plugins, please share your opinions about them. Let us know whether or not you like them and what the authors could do to improve them.
*CSRF – Cross-site Request Forgery
*XSS – Cross-site Scripting