The following are the results for the WordPress Plugin Competition, in reverse order.
Consolation Prize
The consolation prize winner is Ozh for Who Sees Ads. Who Sees Ads is a wonderfully useful plugin that lets WordPress users determine who sees the ads on their blog. Ozh wins hosting from Pajama Mommy and a free 48″ wallhog from Wallhogs.com.
Third Prize
The third prize winner is Keith Dsouza for WordPress Automatic Upgrade, which lets you automatically upgrade WordPress from your admin interface. Keith wins a Baby Hosting Plan for 1 year (Valued at $134.40) from Hostgator, a copy of Translator Pro 5.0 and $200 in cash.
Second Prize
The second prize winner is Barry for MyDashboard. MyDashboard lets you customize your WordPress Dashboard with lots of cool gadgets. This plugin also makes the Dashboard skinnable. Barry wins a Swamp Hosting Plan for 1 year (Valued at $194.40) from Hostgator, an autographed copy of Lorelle’s new book, Blogging Tips, and $300 in cash.
Grand Prize Winner
The Grand Prize Winner of the WordPress Plugin Competition is Anirudh Sanjeev for his OneClick Plugin. OneClick is a WordPress Plugin and Firefox Extension combo that allows you to install WordPress plugins and themes from your browser with one click. Anirudh wins a Basic Dedicated Server for 6 months (Valued at $1,059) from Hostgator, $600 in cash and an 8 GB iPod Nano (or cash equivalent) from Imthiaz.
Congratulations to all the winners! The entries in the competition were all of very high quality, and it was quite difficult to choose the top few. Also, judging from the response of the community and the accolades that went around, the competition was a success for the WordPress community. A heartfelt thank you goes from me to all the participants, the Sponsors of the competition, the users of plugins, those who helped rate them on the Competition blog as well as the judges who put their time and effort into sifting through thousands of lines of code. To facilitate quicker distribution of the prizes, I would appreciate it if the winners would send me a quick email with their PayPal information.
I love the one click
Congratulations to all the winners.
Yeeha \o/
Thanks for choosing me as one of the winners among the great plugins in the competition
Terrific work and awesome plugins! Thanks and keep up the good work. Nice to see so much excitement around extending WordPress.
I love the OneClick, too! It was a well-deserved prize.
Congrats all. Your work is awesome!
Big congratulations to all the winners. Keep up the good work guys..
clap clap to all winners, great work guys 🙂
Congratulations 🙂
The works and the judgment are 100%
Cannot disagree with that list at all.
The OneClick plugin is awesome and one plugin that I absolutely love and would always recommend and put on every client’s WP site.
Congrats to all the winners. I love these plugins. Very useful.
Please check the security for these plugins.
1. WordPress Automatic Upgrade: Allows any unauthenticated user to:
* Generate and download the WordPress files (including wp-config.php).
* Generate and download a backup of the database where the plugin is installed.
* Activate/deactivate all plugins.
* Upgrade the WordPress version.
2. OneClick: Being vulnerable to CSRF, it allows plugins (or malicious code) to be downloaded from any URL.
3. Who Sees Ads: Vulnerable to CSRF and XSS.
4. MyDashboard: Vulnerable to CSRF and XSS.
Congratulations to all the winners!!
David: It wouldn’t be a bad idea to use the site’s language for a security notice. At least if you want to be paid attention (and as a BASIC courtesy).
Summary, according to David’s entry:
“OneClick, Who Sees Ads and MyDashboard are all vulnerable to CSRF. Who Sees Ads and MyDashboard are vulnerable to XSS, WordPress Automatic Upgrade allows unauthenticated users to modify the WordPress installation.”
I’m not sure I agree with all of them, although a security warning wouldn’t be a bad thing. WordPress Automatic Upgrade has no more risk than the normal WordPress admin features, as it’s ruled by the same permissions and roles, same as OneClick. MyDashboard is a presentation tweak, not accessible unless authenticated.
I agree with Eduo but I do appreciate the time David has taken to let us know. The security problems with the plugins are limited to logged in users but they should be fixed. Since the original author of the vulnerability has said that he has contacted the plugin authors already, we should expect some patched versions soon.
However, these plugins have been available for quite some time. The timing of the release of these “vulnerabilities” and the way in which they were done bother me and lead me to believe that there were other motives involved. They do not, however, surprise me because this has become the norm in security circles. Sensationalism rules over common sense and care for the user. In order to not incite panic, especially since the vulnerabilities are not as dangerous, and to give the plugin authors a chance to fix their code, I will refrain from harping on this too much.
Mark: I’m not against security advisories. I just mean that without knowing Spanish most of the planet will be in the dark on what the message actually means unless they recognize the acronyms but they’ll catch that there are security problems without the plugins.
The original finder didn’t contact the plugin authors before making them public, which is considered a breach of etiquette. As you mention people are using security advisories as trophies and what good is a trophy if you can’t hang it on the wall for all to see? If the holes are taken care of there is nothing for the finder to brag about.
I think that particular blog/blogger is just trying to get some attention and publicity. Besides, if there really are security issues, he should’ve contacted the plugin authors first. Thanks Eduo and Mark for clearing things up.
Great plugins! Wow WordPress is just getting better and better…
Eeek that’s a tough one to judge.
I personally would have given first place to MyDashboard.
The combo of Tiger Admin + MyDashboard, it’s been an amazing revolution for my WP Dashboard now.
Congratulations to all the winners. I will try some plugin soon!
Bye,
P|xeL
I have released the latest version of the plugin which can be downloaded at http://techie-buzz.com/google/.....eased.html
Very cool stuff… I’m definitely going to have to try a couple of these plugins. However, my only question is when is the next competition like this happening?! I might wanna try my hand at it. 🙂
The actual update with security fixes of Keith Dsouza’s plugin is here:
http://techie-buzz.com/wordpre.....eased.html
The URL is broken in his comment.
Good contest/competition. I think the winner deserves it. The Firefox extension for WordPress is revolutionary. Kabatology:Open Source, Linux
Awesome plugins! congrats to all the winners.
Congratulations.
Useless plugin for me, though.
Where can I see the other entries or nominees? Love to see other great plugins!!
Great plugin it has saved me so much time!
Hi there,
Does anyone know which plugin to use if I want only the first part (first paragraph) of the article to be displayed? If someone wants to read more there will be a “read more” link…
Right now all of the article content is displayed on my blog and I don’t want this…
I’m talking about the latest 10 articles displayed on the first page of my blog.
I’m using WordPress.
Can anyone help?
I didn’t realize that there were websites like this one where you can win prizes for designing plugins. Wow! What a reward + encouragement to do the things you love.