discovered possible vulnerability

I just discovered a possible vulnerability in a WordPress plugin that supports OpenID authentication for comments. The developer’s website is down and the plugin hasn’t been updated in two years.

What’s protocol for this these days? I’ve trivially patched my own install, but (particularly pending further analysis which I have not done – for all I know it’s not actually exploitable… but I kind of think it is) I strongly recommend disabling this plugin unless you have your own patch.

Mirrored from Crime and the Blog of Evil. Come check out our music at:
Bandcamp (full album streaming) | Videos | iTunes | Amazon | CD Baby