[Plugin: TTC WordPress Security Tool] Security vulnerability | ww.wp.xz.cn

John Blackbourn
(@johnbillion)

WordPress Core Developer

14 years, 6 months ago

Ironically, this “security” plugin contains a glaring SQL injection vulnerability which allows anyone to execute arbitrary SQL commands on any site it’s installed on, all while avoiding being added to the blacklists or security logs.

Could you provide me with a contact email address please and I’ll forward on the details? Feel free to email me at johnbillion at gmail.

John

http://ww.wp.xz.cn/extend/plugins/ttc-wordpress-security-plugin/

Viewing 3 replies - 1 through 3 (of 3 total)

MickeyRoush
(@mickeyroush)

14 years, 6 months ago

John Blackbourn wrote:

Could you provide me with a contact email address please and I’ll forward on the details? Feel free to email me at johnbillion at gmail.

John

http://herselfswebtools.com/2008/06/wordpress-security-plugin-block-scrapers-hackers-and-more.html

Mark (podz)
(@podz)

14 years, 6 months ago

The author was informed yesterday and the fix was made within hours.
Please check the latest version as others are now not being served and should be auto-updated.

MickeyRoush
(@mickeyroush)

14 years, 6 months ago

Mark wrote:

The author was informed yesterday and the fix was made within hours.
Please check the latest version as others are now not being served and should be auto-updated.

Will this plugin be reinstated into the WordPress plugin depository?

Viewing 3 replies - 1 through 3 (of 3 total)

The topic ‘[Plugin: TTC WordPress Security Tool] Security vulnerability’ is closed to new replies.

3 replies
3 participants
Last reply from: MickeyRoush
Last activity: 14 years, 6 months ago
Status: not resolved