Security Issue…

  • Resolved JJNW

    (@jjnw)


    8 years, 11 months ago

    I noticed on line 434 in admin-custom-login.php there is a$settings = json_decode( file_get_contents( $import_file ) ); which I believe could allow someone to inject code remotely. Can anyone expand on this?

    I commented out the line to ensure security, and found no issues yet with doing this. Any guidance or advice would be appreciated.

Viewing 1 replies (of 1 total)
  • Plugin Author Weblizar – WordPress Themes & Plugin

    (@weblizar)

    8 years, 11 months ago

    Hi Jjnw,

    The plugin has Import & Export setting like when you migrate your site from old to new. Then you don’t need to configure all plugin settings again.

    Just export the setting for old server, the server makes a JSON file of setting. Then go to new server import the JSON file to get all your previously saved configurations.

    That’s it.

    Note: Only admin allow to do this, no one can hit this line of code coz it’s the part of a function. And this function run only when admin triggers this action manually.

    Hope you understand.

    Thanks for using this plugin, your feedback is really appreciated. 🙂

Viewing 1 replies (of 1 total)

The topic ‘Security Issue…’ is closed to new replies.