A certain Spanish blog has pointed out some security issues in these plugins that involve CSRF* and XSS* vulnerabilities. Some of the plugin authors are pissed off because the blogger didn’t contact them first about the security issues and because there’s no proof of concept. No need to panic though, because the vulnerabilities in question aren’t that dangerous and are limited to logged-in users only.

Mark Ghosh of Weblog Tools Collection announced the winners of the WordPress Plugin and Mod competition yesterday. Here are the names of the winners and their winning entries in reverse order:

Consolation Prize Winner: Ozh for the Who Sees Ads plugin.

The WhoSeesAds plugin lets WordPress users know who sees their blog ads. Ozh wins hosting from Pajama Mommy and a 48″ wallhog from Wallhogs.com.

Third Prize Winner: Keith Dsouza for the WordPress Automatic Upgrade plugin.

WordPress Automatic Upgrade lets you automatically upgrade WordPress from your admin panel. Keith wins a Baby Hosting Plan for 1 year from Hostgator, Translator Pro 5.0 and $200 in cash.

Second Prize Winner: Barry for the MyDashboard plugin.

MyDashboard makes the WordPress Dashboard customizable and skinnable. Barry wins a Swamp Hosting Plan for 1 year from Hostgator, an autographed copy of Lorelle’s new book, Blogging Tips and $300 in cash.

Grand Prize Winner: Anirudh Sanjeev for the OneClick plugin.

OneClick is a WordPress Plugin and Firefox Extension that enables WordPress users to install themes and plugins using a browser. Anirudh wins a Basic Dedicated Server for 6 months from Hostgator, $600 in cash and an 8 GB iPod Nano (or cash equivalent) from Imthiaz.

All the winning plugins are very innovative and would be very useful for all WordPress users. I haven’t tried or installed any of these plugins, but I do plan to try them out in the next few days.

After I’ve installed and tried these WordPress plugins, I’ll probably do reviews of each one. If you’ve tried any of these plugins, please do share your opinions about them. Let us know if you like them or not and what the authors can do to improve them.

*CSRF – Cross-site Request Forgery
*XSS – Cross-site Scripting




Owner and editor of JaypeeOnline. Self-proclaimed geek. New media writer and consultant. WordPress advocate. Loves blogging, gadgets, video games and sports. You can follow him on Facebook or Twitter.


  • JP Habaradas, August 28, 2007 @ 11:44 AM

    @JM – Thanks for sharing your experience with WordPress Automatic Upgrade. I just might give it a try one of these days. :)

  • JM, August 27, 2007 @ 9:50 PM

    I tried the WordPress Automatic Upgrade plugin when they released the 2.2.2 Update, and it works great! Upgrades your WordPress in less than 10 minutes tops!
