MailPress temporarily withdrawn from the WordPress plugin repository

One month ago, i received a mail from Mika (plugin referee at telling me that MailPress was temporarily withdrawn from the WordPress plugin repository due to an exploit/vulnerability.

I will not describe here this vulnerability for obvious security reasons (it is a tricky one).

Some other subjects were presented :

## Calling file locations poorly (this is currently fixed in trunk)

## Calling core loading files directly
## Not using Nonces and/or checking permissions

Fixing these points will require large code modifications !

## Asks users to edit/writes to plugin

I did not discussed with Mika the essence of open source but THIS means i have to find another place for the mp-content folder. Mika said :

We cannot accept a plugin that forces (or tells) users to edit the plugin files in order to function, or saves data in the plugin folder.
Plugin folders are deleted when upgraded, so using them to store any data is problematic.
[this is why automatic upgrade for MailPress in not recommanded]
Please change your plugin to save those files outside of the plugins folder (in wp-content/pluginname perhaps or wp-content/uploads/pluginname – which would make it work well with multisite, making sure you read to understand where the folders are and how best to call them), or if possible, save data to the wp_options tables.

I will not be able to finalize all the modifications before September (summer time).

If you have any advice, please let me know by mail, in the comments or in google group.

Enjoy your summer !

ps : Mika team apparently has no name, i was tempted by : \NCIS for WordPress Codex Inforcement Squad (with a little touch of Leet :-) )

This entry was posted in News. Bookmark the permalink.

4 Responses to MailPress temporarily withdrawn from the WordPress plugin repository

  1. Brian Bilbrey says:

    How about getting the security fix done and patched? Can that be done sooner than September?

  2. admin says:

    working on it

  3. cie martire says:

    I love this plugin! So usefull!!! Please don’t let it down!

  4. Tiago says:


    There is any news about the new modifications to have again one of the best plugins in wordpress again.

Comments are closed.