[wp-trac] Re: [WordPress Trac] #6871: Plugins without headers don't
show in the plugins page, keeping some exploits hidden
WordPress Trac
wp-trac at lists.automattic.com
Wed Jul 16 01:25:11 GMT 2008
#6871: Plugins without headers don't show in the plugins page, keeping some
exploits hidden
------------------------------------------------------------+---------------
Reporter: guillep2k | Owner: guillep2k
Type: defect | Status: assigned
Priority: high | Milestone: 2.6.1
Component: Security | Version: 2.6
Severity: critical | Resolution:
Keywords: exploit security has-patch dev-feedback tested |
------------------------------------------------------------+---------------
Comment (by guillep2k):
''How did the plugin get injected through TinyMCE? Was that bug fixed in
3.0.x? How can it be prevented in the future?''
I'm sorry I couldn't find out. I could only do some forensics on the
issue, and I found the injection script in the TinyMCE temporary folder.
You can see more info at:
[http://wordpress.org/support/topic/169246?replies=8#post-746480] (my
reply as guillep2k)
I agree with you that the TinyMCE bug is a separate issue, but it is
beyond my possibilities to track it down ATM.
--
Ticket URL: <http://trac.wordpress.org/ticket/6871#comment:21>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list