I just discovered a possible vulnerability in a WordPress plugin that supports OpenID authentication for comments. The developer’s website is down and the plugin hasn’t been updated in two years.

What’s protocol for this these days? I’ve trivially patched my own install, but (particularly pending further analysis which I have not done – for all I know it’s not actually exploitable… but I kind of think it is) I strongly recommend disabling this plugin unless you have your own patch.