- cross-posted to:
- cybersecurity@sh.itjust.works
- cross-posted to:
- cybersecurity@sh.itjust.works
Pi-hole, a popular network-level ad-blocker, has disclosed that donor names and email addresses were exposed through a security vulnerability in the GiveWP WordPress donation plugin.
You must log in or # to comment.
Nutshell: exposed were just names & email addresses, which Pi-Hole says didn’t even have to be accurate as they were just used for the donors to track their own donations. No other (more important) info such as payment details were involved Nothing to do with Pi-Hole itself outside of their rather questionable choice of using WordPress, which is a platform with quite a history of security problems.
Ehhh I don’t fault their use of Wordpress. Pi-hole has been around for a very long time; long before Hugo or other more modern website frameworks existed. Back then Wordpress was the quick and dirty way to get a site up without much hassle. Probably just never got around to transitioning to something else.
