[wp-trac] Re: [WordPress Trac] #5564: Non Plugin Files Can Be Easily Included In Current Plugins using database Manipulation

WordPress Trac wp-trac at lists.automattic.com
Mon Feb 4 14:58:46 GMT 2008


#5564: Non Plugin Files Can Be Easily Included In Current Plugins using database
Manipulation
-------------------------------+--------------------------------------------
 Reporter:  keithdsouza        |        Owner:  anonymous
     Type:  enhancement        |       Status:  new      
 Priority:  normal             |    Milestone:  2.6      
Component:  General            |      Version:           
 Severity:  normal             |   Resolution:           
 Keywords:  reporter-feedback  |  
-------------------------------+--------------------------------------------
Changes (by pishmishy):

  * component:  Security => General

Comment:

 I'm moving it from the Security component. There may be extra checks that
 could be done here, but none will remove the security risk. A malicious
 theme could just manipulate the database directly, I'm sure, and we accept
 that risk.

-- 
Ticket URL: <http://trac.wordpress.org/ticket/5564#comment:9>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software

