[wp-trac] [WordPress Trac] #58365: A Bug in the template system
WordPress Trac
noreply at wordpress.org
Sat May 20 13:33:39 UTC 2023
#58365: A Bug in the template system
--------------------------------------+-------------------------------
Reporter: asfarfordev | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: General | Version: 6.2
Severity: normal | Keywords: reporter-feedback
Focuses: administration, template |
--------------------------------------+-------------------------------
HI
I think there is a serious vulnerability in the theme system in WordPress
that can be used against any site.
I was developing a WordPress theme called Apex, and this morning I was
surprised that all the files I developed had changed.
I searched and found that the problem is that there is a theme called Apex
in the theme market: it updates automatically.
Therefore, it is possible to use this exploit by any other programmer,
such as creating a theme called hespres and placing it in the store to
update the theme of the hespres website if the automatic update is
enabled.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/58365>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list