WARNING: Security vulnerabilities in the pling platform

Hello,

after unsuccessfully having tried contacting the pling team in various ways (incl. this forum), I have now published information about yet unpatched vulnerabilities in all pling-based marketplace websites as well as the PlingStore native application in order to warn you users:

  • appimagehub.com, store.kde.org, gnome-look.org, xfce-look.org, pling.com are affected by a stored, wormable Cross-Site Scripting vulnerability that allows taking over accounts
  • The PlingStore Electron app is affected by a Remote Code Execution vulnerability that can be exploited by any website while PlingStore is running in the background

The full details can be found here: Linux marketplaces vulnerable to RCE and supply chain attacks | Positive Security

Cheers,
Fabian

Lmao, I'm a little shocked at the length you needed to go to to disclose this… Seriously WTF. 12 hours later and not even a comment.

This is the report about the issue: Regarding security reportings | Opendesktop.org