Post removed. Reason I don't understand, but I apologize

I just received a message from the forum bot telling me that one of my posts has been removed, because (I quote):

the community feels it is an advertisement, something that is overly promotional in nature instead of being useful or relevant to the topic as expected.

The post was about three serious vulnerabilities present in various WordPress plugins that are also compatible with ClassiPress. I discovered it because I have a secondary site that suffered these attacks and, to try to understand where they came from, I did a search on the web, finding the information I was looking for in the link I had posted.

I sincerely wondered if there was anything promotional in a post that just wanted to give information that I thought was important for the community.

In any case, I deeply apologize for giving this impression, which I absolutely did not want to give to the community of this forum. :frowning:

I do not know if that is the reason, however since you reported vulnerabilities that are classified as “zero-day” there is a safety risk in advertising them publicly.

What usually gets done is to contact the developer of the affected software privately and directly, asking them to address the issue, so that they can respond to it in a timely manner by releasing a fix.

Spreading the word might seem a good move, but:

1 - the information divulged can raise panic in general users who might fear they are affected
2 - bad actors can take advantage of the gap between the zero-day discovery and the release of the fix to exploit it.

Generally the big companies divulging these zero-day vulnerabilities divulge them only after privately reaching out to the developer, and it is good practice not to divulge the information to the wide public (let’s say it’s “for developers only” information due to its sensitive nature). Considering the forum is for people of all knowledge levels, it is good practice not to use it to divulge such info.

1 Like

What you say is true, but then that should have been the reason: I would have understood it better.

However, I also point out that those vulnerabilities have already been resolved by the plugin producers and if you search the web, practically all the major sites that deal with WordPress security talk about them. The communication was aimed at those who, perhaps, had not updated them, so that they could do so as soon as possible. The plague of failed plugin updates can seriously endanger the maintenance of websites, data security and privacy.

For these reasons I thought it relevant to report it here too. But given how it ended, I will refrain from doing so in the future.

In any case, I’m sorry for giving the impression of wanting to spam, I who hate it and fight it literally every day on my sites. Ironic, right? :sweat_smile:

Thanks for this clarification, Elisabetta.

For what it is worth, I had seen that info before it was posted here and considered it good information. Knowing about something is better than being clueless, no?

1 Like

I suspect that’s an automated message that Zulip sends out. I presume it’s configurable, so it sounds like something we should look into.

1 Like

@timkaye it was on the forum, posted, if I recall correctly, yesterday. Someone (can’t remember who) replied that “it was better to ask moderators’ help” or something along the lines of that under his post (and I did not grasp the sense of the reply at first because IMHO the user who replied writes in English as a second language, so one has to sometimes understand that being such it is difficult to convey meanings correctly).

2 Likes

@ElisabettaCarrara no, my post had been on the forum for two weeks and the user commented yesterday with that incomprehensible message.

1 Like

I wasn’t recalling correctly then. Thanks.

1 Like