Wednesday, June 27, 2018

New comment by prophesi in "Unpatched WordPress vulnerability allows code execution for authors"

"2018/01/24: The WordPress security team estimates the time to fix to be 6 months."

RIPS could have at least waited one more month. It sounds like WordPress gave their HackerOne extension deadline.

Also, lots of typos and bad wording in the article make it look even less professional. For instance, if I didn't know the context, the following sentence makes absolutely no sense:

"The value of $_POST[‘thumb’] could hold the, to the WordPress upload directory relative, path of any file, and when the attachement gets deleted, the file will get deleted with it as seen in the first listing."

from Hacker News: "WordPress" comments https://ift.tt/2yOx0G4
via IFTTT
