[wp-trac] [WordPress Trac] #44826: system calls through php are not prevented
WordPress Trac
noreply at wordpress.org
Tue Aug 21 14:02:26 UTC 2018
#44826: system calls through php are not prevented
----------------------------+------------------------------
Reporter: danielsvartman | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Plugins | Version:
Severity: major | Resolution:
Keywords: close | Focuses:
----------------------------+------------------------------
Changes (by afragen):
* keywords: => close
* version: 4.9.8 =>
* component: General => Plugins
Comment:
Just because something is possible doesn’t mean that it’s a bug.
If you, as a user, has the privileges to install a plugin of your own
creation to the site — you have administrator privileges. As such, you
have the privileges to put up any code that PHP can run and cause whatever
damage is possible.
“With great power comes great responsibility.”
--
Ticket URL: <https://core.trac.wordpress.org/ticket/44826#comment:1>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list