[wp-trac] Re: [WordPress Trac] #5565: Plugin can hook into any
functions or variables inside WP
WordPress Trac
wp-trac at lists.automattic.com
Wed Jan 2 02:44:41 GMT 2008
#5565: Plugin can hook into any functions or variables inside WP
-------------------------+--------------------------------------------------
Reporter: keithdsouza | Owner: anonymous
Type: defect | Status: closed
Priority: low | Milestone:
Component: Security | Version:
Severity: normal | Resolution: invalid
Keywords: |
-------------------------+--------------------------------------------------
Comment (by darkdragon):
Replying to [comment:1 darkdragon]:
> Indeed that has been possible, but the plugin would have to be first
enabled by the user. However, from your previous tickets, you have stated
that a user might be able to inject plugin code which would disrupt the
plugin process.
[[br]]
Re: A hacker can inject SQL which would allow for enabling code which
could then be used to enable a plugin which the user did not first
activate.
--
Ticket URL: <http://trac.wordpress.org/ticket/5565#comment:2>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list