News of the XSS bug in Subscribe2 didn’t show up in any of my RSS feeds or mailing lists, even though it’s a fairly popular plugin,  so I wanted to make a note of it in case anyone else missed it. Version 8.2 has a fix for it.

Update: It also sounds like an official WordPress mailing list for plugin security notifications is in the works.