[wp-hackers] Security Vulnerability found - Forum Post

[Scott Reilly]

I believe user_level of 5 or higher is required to edit a plugin via
the plugin editor, so this particular approach probably isn't
exploitable.

On 4/13/05, Mark Jaquith <mark.wordpress at txfx.net> wrote:
> >
> They could still just edit a plugin with code that would spit out the
> contents of wp-config.php and then they would have full access to your
> database.
>