[wp-trac] Re: [WordPress Trac] #6871: Plugins without headers don't show in the plugins page, keeping some exploits hidden

WordPress Trac wp-trac at lists.automattic.com
Wed Apr 30 01:14:23 GMT 2008


#6871: Plugins without headers don't show in the plugins page, keeping some
exploits hidden
------------------------------+---------------------------------------------
 Reporter:  guillep2k         |        Owner:  anonymous
     Type:  defect            |       Status:  new      
 Priority:  high              |    Milestone:  2.6      
Component:  Security          |      Version:  2.5      
 Severity:  critical          |   Resolution:           
 Keywords:  exploit security  |  
------------------------------+---------------------------------------------
Changes (by DD32):

  * milestone:  2.5.2 => 2.6

Comment:

 > I think it's a good idea to deactivate invalid plugins, but I'm not sure
 that this will provide much protection from this kind of attack.

 It provides zero protection for exploits written/modified after it's
 implemented; it provides little protection for exploits written before
 implementation.

 If an exploit can execute PHP, write files, or access the database, then
 nothing WordPress does will be safe.

 I'm going to set the Milestone to 2.6; any patches made there can be
 back-ported to 2.5 if need be. But I honestly do not see any ways that the
 issue in this ticket can be solved 100% by WordPress. The only way is to
 actually implement some security on the server to protect against it.

-- 
Ticket URL: <http://trac.wordpress.org/ticket/6871#comment:4>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software

