[wp-hackers] Moved from BlogWare to WordPress - Need Help
seanhickey at gmail.com
Sat May 20 10:06:20 GMT 2006
> I'll contact Sean directly, but I'd advise disabling the plugin in
> the meantime.
That's alright, I'm here. :) I need to pay more attention to the
hacker's list, it's starting to collect dust in my Google inbox.
Okay, so at the top of the plugin's backend script, the admin.php
script is included. This is the same as nearly every other script in
the admin directory. So unless I'm missing something, any security
holes in the plugin also exists in the core of WP, which kind of makes
a security hole in the plugin a mute point.
P.S. That's the only reason I include the admin.php, since the backend
script doesn't need it.
More information about the wp-hackers