Arctic051
15 hours ago
Didn’t they ban WP Engine on their plugin platform? So they can’t post an update to the CVE even if they wanted to?
flutas
15 hours ago
Yup.
Basically:
1. Ban them from updating the plugin.
2. "btw, here's a CVE for that plugin, you have 30 days until it gets removed or ownership changed."
You can guess what's going to happen next... "Oh, they didn't fix their plugin, the repo is now owned by Automattic."
pluc
14 hours ago
He's already forced them to create an alternative store with their plugins so they can be used on WPEngine. Now he will force a split between the official version, hosted on WPEngine and the one hosted on WordPress.org. Misrepresenting a trademark and causing confusion, exactly what he accused WPEngine of in the first place.
Arctic051
15 hours ago
Have they ever announced a CVE like this before? This seems really convenient. I don’t really like conspiracy theorizing but with everything going in, it doesn’t seem far fetched to think this is sabotage.
unsnap_biceps
14 hours ago
A responsible CEO would put the legal squabble aside and allow the fix to happen for the sake of the customers.
Given Matt isn't doing it, I'm of the opinion that he is using it maliciously.
justinclift
an hour ago
> This seems really convenient.
There is no way this wasn't done in bad faith. I'd have to wonder if it's also crossed the line legally as well, due to being done in bad faith.
mrweasel
14 hours ago
One idea that crossed my mind is that Automattic found a security issue and now they can "force" WPEngine to come up with a mechanism for managing plugins on their own. Then when all this hits the courts they point go "See, they could setup their own infrastructure in less than 30 days. They just choose to use ours to save money.". Or if WPEngine fails to do so, they lose credibility as a Wordpress hosting provider.
Not sure, I'm not a lawyer.
flutas
14 hours ago
Not that I'm aware of.
Couple that with Matt's clearly hinting post earlier today[0] and it really feels... calculated. Just another thing for them to throw on the lawsuit I guess.
[0]: https://x.com/photomatt/status/1842500184825090060
> What are the best alternatives to Advanced Custom Fields @wp_acf for people who want to switch away? Is there an easy way to migrate?
> I suspect there are going to be millions of sites moving away from it in the coming weeks.