[wp-trac] Re: [WordPress Trac] #6871: Plugins without headers don't show in the plugins page, keeping some exploits hidden

WordPress Trac wp-trac at lists.automattic.com
Wed Jul 16 01:25:11 GMT 2008


#6871: Plugins without headers don't show in the plugins page, keeping some
exploits hidden
------------------------------------------------------------+---------------
 Reporter:  guillep2k                                       |        Owner:  guillep2k
     Type:  defect                                          |       Status:  assigned 
 Priority:  high                                            |    Milestone:  2.6.1    
Component:  Security                                        |      Version:  2.6      
 Severity:  critical                                        |   Resolution:           
 Keywords:  exploit security has-patch dev-feedback tested  |  
------------------------------------------------------------+---------------
Comment (by guillep2k):

 ''How did the plugin get injected through TinyMCE? Was that bug fixed in
 3.0.x? How can it be prevented in the future?''

 I'm sorry I couldn't find out. I could only do some forensics on the
 issue, and I found the injection script in the TinyMCE temporary folder.
 You can see more info at:
 [http://wordpress.org/support/topic/169246?replies=8#post-746480] (my
 reply as guillep2k)

 I agree with you that the TinyMCE bug is a separate issue, but it is
 beyond my possibilities to track it down ATM.

-- 
Ticket URL: <http://trac.wordpress.org/ticket/6871#comment:21>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software

