- the exploit is so easy hundreds of websites will be affected(you can steal DB credentials just by typing a url).
- it's a combination of negligence from the developer of the plugin who didnt disclose the exploit for 6 month(he just patched it) and the fact,like him a lot of wordpress plugin developpers just dont know what they are doing.
the hack relies on a simple directory traversal attack :
Many pro developpers ,even here, use wordpress to host content for clients.It's important they know what they risk with 3rd party plugins such as a simple image slider.
As someone who both uses Wordpress and develops plugins (which I try my best to make secure) this is both annoying and terrifying. I don't know how you could have a plugin architecture in PHP like Wordpress has, and have any real security without some constant diligence.
2 comments
[ 0.22 ms ] story [ 10.3 ms ] thread- the exploit is so easy hundreds of websites will be affected(you can steal DB credentials just by typing a url).
- it's a combination of negligence from the developer of the plugin who didnt disclose the exploit for 6 month(he just patched it) and the fact,like him a lot of wordpress plugin developpers just dont know what they are doing.
the hack relies on a simple directory traversal attack :
http://en.wikipedia.org/wiki/Directory_traversal_attack
Many pro developpers ,even here, use wordpress to host content for clients.It's important they know what they risk with 3rd party plugins such as a simple image slider.