[wp-trac] Re: [WordPress Trac] #6871: Plugins without headers don't
show in the plugins page, keeping some exploits hidden
WordPress Trac
wp-trac at lists.automattic.com
Tue Apr 29 12:18:37 GMT 2008
#6871: Plugins without headers don't show in the plugins page, keeping some
exploits hidden
------------------------------+---------------------------------------------
Reporter: guillep2k | Owner: anonymous
Type: defect | Status: new
Priority: high | Milestone: 2.5.2
Component: Security | Version: 2.5
Severity: critical | Resolution:
Keywords: exploit security |
------------------------------+---------------------------------------------
Changes (by DD32):
* keywords: exploit => exploit security
Comment:
Just a quick run over for detecting plugins which are active which are not
valid and/or are not stored in the WordPress plugin directory.
The extra processes are only run when accessing the plugins page, so no
overhead is added for most pageloads.
However, thanks to WordPress's filters, it'll always be possible for
exploits to hide themselves in cases like this. So unless SQLs are
hard-coded into the plugins page skipping the get_option/update_option
routines, an exploit can filter it all too.
--
Ticket URL: <http://trac.wordpress.org/ticket/6871#comment:1>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software
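
The check discussed in the comment above, written as an out-of-band audit so that no WordPress filter can alter its input. This is an added example, not part of the original message or of WordPress. It assumes the raw active_plugins value was read straight from the options table; the function names, the sample data and the header test (a "Plugin Name:" line in the first 8 KB) are assumptions of the example.

```python
import os, re, tempfile

# One string element of a PHP-serialized array: s:<byte length>:"<value>";
_ELEM = re.compile(rb's:(\d+):"')

def parse_active_plugins(raw: bytes) -> list[str]:
    """Extract the string values of a PHP-serialized array, honouring the
    declared byte lengths so quotes inside a value cannot confuse the scan."""
    out, pos = [], 0
    while (m := _ELEM.search(raw, pos)):
        n, start = int(m.group(1)), m.end()
        out.append(raw[start:start + n].decode("utf-8", "replace"))
        pos = start + n + 2  # skip the closing quote and semicolon
    return out

def audit(raw: bytes, plugin_dir: str) -> dict[str, str]:
    """Return {entry: reason} for active entries that are outside plugin_dir,
    missing on disk, or lack a plugin header."""
    root = os.path.realpath(plugin_dir)
    findings = {}
    for entry in parse_active_plugins(raw):
        path = os.path.realpath(os.path.join(root, entry))
        if os.path.commonpath([root, path]) != root:
            findings[entry] = "outside plugin directory"
        elif not os.path.isfile(path):
            findings[entry] = "file missing"
        else:
            with open(path, "rb") as fh:
                head = fh.read(8192)
            if not re.search(rb"Plugin Name:\s*\S", head):
                findings[entry] = "no plugin header"
    return findings

def demo() -> dict[str, str]:
    """Constructed sample: a valid plugin, a headerless file, a traversal entry."""
    with tempfile.TemporaryDirectory() as d:
        with open(os.path.join(d, "hello.php"), "w") as fh:
            fh.write("<?php\n/*\nPlugin Name: Hello Dolly\n*/\n")
        with open(os.path.join(d, "cache.php"), "w") as fh:
            fh.write("<?php // no header\n")
        raw = (b'a:3:{i:0;s:9:"hello.php";i:1;s:9:"cache.php";'
               b'i:2;s:19:"../../uploads/x.php";}')
        return audit(raw, d)

if __name__ == "__main__":
    print(demo())
```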