[wp-trac] Re: [WordPress Trac] #6871: Plugins without headers don't
show in the plugins page, keeping some exploits hidden
WordPress Trac
wp-trac at lists.automattic.com
Wed Jul 16 00:59:53 GMT 2008
#6871: Plugins without headers don't show in the plugins page, keeping some
exploits hidden
------------------------------------------------------------+---------------
Reporter: guillep2k | Owner: guillep2k
Type: defect | Status: assigned
Priority: high | Milestone: 2.6.1
Component: Security | Version: 2.6
Severity: critical | Resolution:
Keywords: exploit security has-patch dev-feedback tested |
------------------------------------------------------------+---------------
Comment (by jacobsantos):
If that is the case and a plugin was injected, then that is a separate
issue. You are only working around the original issue at the cost of
performance. Well, you do have a point, if another exploit was made, then
this would be a good thing, since you are again right, not many will visit
the plugins.php page after it is set up.
How did the plugin get injected through TinyMCE? Was that bug fixed in
3.0.x? How can it be prevented in the future?
--
Ticket URL: <http://trac.wordpress.org/ticket/6871#comment:20>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list