[wp-hackers] Security Vulnerability found - Forum Post

Scott Reilly scottr at gmail.com
Wed Apr 13 20:46:37 GMT 2005


I believe user_level of 5 or higher is required to edit a plugin via
the plugin editor, so this particular approach probably isn't
exploitable.

On 4/13/05, Mark Jaquith <mark.wordpress at txfx.net> wrote:
> >
> They could still just edit a plugin with code that would spit out the
> contents of wp-config.php and then they would have full access to your
> database.
>


More information about the wp-hackers mailing list