[wp-trac] Re: [WordPress Trac] #6871: Plugins without headers don't
show in the plugins page, keeping some exploits hidden
WordPress Trac
wp-trac at lists.automattic.com
Wed Apr 30 01:14:23 GMT 2008
#6871: Plugins without headers don't show in the plugins page, keeping some
exploits hidden
------------------------------+---------------------------------------------
Reporter: guillep2k | Owner: anonymous
Type: defect | Status: new
Priority: high | Milestone: 2.6
Component: Security | Version: 2.5
Severity: critical | Resolution:
Keywords: exploit security |
------------------------------+---------------------------------------------
Changes (by DD32):
* milestone: 2.5.2 => 2.6
Comment:
> I think it's a good idea to deactivate invalid plugins, but I'm not sure
> that this will provide much protection from this kind of attack.
It provides zero protection for exploits written/modified after it's
implemented; it provides little protection for exploits written before
implementation.
If an exploit can execute PHP, write files, or access the database, then
nothing WordPress does will be safe.
I'm going to set the Milestone to 2.6; any patches made there can be
back-ported to 2.5 if need be. But I honestly do not see any way that the
issue in this ticket can be solved 100% by WordPress. The only way is to
actually implement some security on the server to protect against it.
--
Ticket URL: <http://trac.wordpress.org/ticket/6871#comment:4>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software
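
A server-side check for the condition in the ticket title, as an added example that is not part of the original message or of WordPress itself: it flags entries in the active plugin list whose file carries no `Plugin Name:` header and so would not appear on the plugins page. It assumes the active list has already been exported from the `active_plugins` option into a Python list; the function names, the 8 KB read limit and the sample files are constructed for illustration.

```python
import os
import re
import tempfile

# A plugin file declares itself with a "Plugin Name: <name>" comment line.
# An empty value after the colon is treated as no header at all.
HEADER_RE = re.compile(rb"Plugin Name:[ \t]*\S", re.IGNORECASE)


def has_plugin_header(path, limit=8192):
    """True if the first `limit` bytes (assumed limit) hold a non-empty header."""
    with open(path, "rb") as fh:
        return HEADER_RE.search(fh.read(limit)) is not None


def audit_active_plugins(plugin_dir, active_plugins):
    """Map each active entry to 'ok', 'no_header' (runs but is not listed) or 'missing'."""
    report = {}
    for entry in active_plugins:
        path = os.path.join(plugin_dir, entry)
        if not os.path.isfile(path):
            report[entry] = "missing"
        elif has_plugin_header(path):
            report[entry] = "ok"
        else:
            report[entry] = "no_header"
    return report


def demo():
    """Run the audit over a constructed plugin directory and active list."""
    files = {  # constructed sample files, not taken from any real site
        "hello.php": b"<?php\n/*\nPlugin Name: Hello Sample\nVersion: 1.0\n*/\n",
        "cache/helper.php": b"<?php\n// no header comment at all\necho 'x';\n",
        "blank.php": b"<?php\n/*\nPlugin Name:\n*/\n",
    }
    active = ["hello.php", "cache/helper.php", "blank.php", "gone.php"]
    with tempfile.TemporaryDirectory() as plugin_dir:
        for rel, body in files.items():
            full = os.path.join(plugin_dir, rel)
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "wb") as fh:
                fh.write(body)
        return audit_active_plugins(plugin_dir, active)


if __name__ == "__main__":
    for entry, status in demo().items():
        print(f"{status:10} {entry}")
```

Any `no_header` or `missing` entry is worth reviewing by hand, since the admin plugins page gives no view of it.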