Title: Vulnerable!
Last modified: August 21, 2016

---

# Vulnerable!

 *  Resolved [shrewd1983](https://wordpress.org/support/users/shrewd1983/)
 * (@shrewd1983)
 * [12 years, 3 months ago](https://wordpress.org/support/topic/vunerable/)
 * [http://packetstormsecurity.com/files/125219/WordPress-Better-WP-Security-3.6.3-XSS-Disclosure.html](http://packetstormsecurity.com/files/125219/WordPress-Better-WP-Security-3.6.3-XSS-Disclosure.html)
 * Out now, be careful.
 * [https://wordpress.org/plugins/better-wp-security/](https://wordpress.org/plugins/better-wp-security/)

Viewing 5 replies - 1 through 5 (of 5 total)

 *  [alsur](https://wordpress.org/support/users/alsur/)
 * (@alsur)
 * [12 years, 3 months ago](https://wordpress.org/support/topic/vunerable/#post-4640879)
 * Any solution to this yet? It is a concern that the info and vulnerability issues
   are spreading out!
 *  Thread Starter [shrewd1983](https://wordpress.org/support/users/shrewd1983/)
 * (@shrewd1983)
 * [12 years, 3 months ago](https://wordpress.org/support/topic/vunerable/#post-4640884)
 * I disabled the plugin for the time being. Also, if you have enabled the use of
   .htaccess in your wp-admin directory (Apache web server), this should work as well:
 * ```
   # Allow .php files in this directory from one address only
   <Files ~ "\.(php)$">
   Order Deny,Allow
   Allow from 0.0.0.0
   Deny from all
   </Files>
   ```
 * 0.0.0.0 being your IP address; you may have to modify this depending on your
   configuration.
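
The `Order`/`Allow`/`Deny` directives in the post above are Apache 2.2 syntax, which Apache 2.4 only accepts through mod_access_compat. The following is an added example, not part of the original post, showing the same wp-admin restriction in 2.4 syntax. It assumes the file is `wp-admin/.htaccess`, uses the placeholder address 203.0.113.10, and assumes the site has front-end features that call `admin-ajax.php`:

```apache
# Added example (not from the thread): Apache 2.4, mod_authz_core.
# 203.0.113.10 is a placeholder; replace it with your own public IP address.

# Allow PHP files in wp-admin only from the listed address; everyone else
# receives 403 Forbidden.
<FilesMatch "\.php$">
    Require ip 203.0.113.10
</FilesMatch>

# Assumption: themes or plugins on this site send visitor AJAX requests to
# wp-admin/admin-ajax.php. This section comes later in the file, so its
# Require directive replaces the one above for this single file.
<Files "admin-ajax.php">
    Require all granted
</Files>
```

Requesting `/wp-admin/index.php` from an address that is not listed should then return 403, while `/wp-admin/admin-ajax.php` stays reachable.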
 *  [Aaron Cohrs](https://wordpress.org/support/users/amcohrs/)
 * (@amcohrs)
 * [12 years, 3 months ago](https://wordpress.org/support/topic/vunerable/#post-4640943)
 * I am wondering if these elements only apply to those using the database backup
   functionality. These attacks look as though they require a certain configuration.
 * My question is, is this something that is a general security hole? The report
   does not declare any details on what circumstances allow for the acts to be successful.
   Yes, there may be a security hole here, but is it necessarily an item that can
   be easily exploited if all other security elements are in place?
 * Again, I don’t know, but those are my questions as a web developer. And overreacting
   is not usually the best response.
 *  [Chris Wiegman](https://wordpress.org/support/users/chriswiegman/)
 * (@chriswiegman)
 * [12 years, 3 months ago](https://wordpress.org/support/topic/vunerable/#post-4640944)
 * Those proposed vulnerabilities have been discussed with the WordPress plugin 
   repo folks and others and are not valid.
 *  [Aaron Cohrs](https://wordpress.org/support/users/amcohrs/)
 * (@amcohrs)
 * [12 years, 3 months ago](https://wordpress.org/support/topic/vunerable/#post-4640945)
 * Thanks for jumping in, Chris! Didn’t think there was anything to worry about; I
   know you are on your game. Thanks for putting in all the hours on such a great
   plugin.


 * 5 replies
 * 4 participants
 * Last reply from: [Aaron Cohrs](https://wordpress.org/support/users/amcohrs/)
 * Last activity: [12 years, 3 months ago](https://wordpress.org/support/topic/vunerable/#post-4640945)
 * Status: resolved