[wp-hackers] Possible vulnerability with the plugin system
johnbillion+wp at gmail.com
Thu Dec 6 15:02:32 GMT 2007
On Nov 30, 2007 6:56 PM, Andy Skelton <skeltoac at gmail.com> wrote:
> On Nov 30, 2007 12:34 PM, John Blackbourn <johnbillion+wp at gmail.com> wrote:
> > Does this class as a vulnerability?
> It makes little sense for a plugin to do anything rash simply by
> including a file and this is not a design pattern I have seen in the
> You bring up an excellent point: WordPress should not include a file
> indicated by a URL query string that has not been specified in an
> add_submenu_page call. Please submit a bug report and a patch if you
> are prepared to write one.
> wp-hackers mailing list
> wp-hackers at lists.automattic.com
More information about the wp-hackers