dgmstuart
Forum Replies Created
-
I don’t know anything about any occurrences of anyone actually trying to exploit these vulnerabilities – only that they exist.
If I read them correctly, they all require the attacker to already have some level of admin access, so if someone *was* able to exploit them then it’s anyone’s guess what else they were able to do.
Oh, looks like the plugin has been removed from the directory anyway (?)
I did a quick google, and found what seems to be the WordPress function you’re supposed to be using when you do things like this: https://codex.ww.wp.xz.cn/Function_Reference/validate_file
I don’t know anything about what this plugin does, so I don’t understand your question about ‘unlinking’. Using /tmp on the server to store files seems pretty extreme though: I’d hope that people wouldn’t give the wordpress process such wide access to the system that this would be possible.

Perhaps you just need to regularly clean up the Uploads directory – deleting files older than a certain age.

Sounds like this should be fixed by checking that the download path of the requested file is within a directory that you’re expecting. Presumably this should be under /Uploads, since that’s the only directory you can rely on being writeable by the WordPress user.

Here’s an older advisory with the same issue from an apparently different source: http://seclists.org/fulldisclosure/2015/Mar/23
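One way to implement the containment check suggested in the reply above, as an added example that is not the plugin’s code or dgmstuart’s: resolve the requested file against a fixed base directory with realpath() and refuse anything whose canonical path does not sit under that base. The base directory and the request string are assumed inputs; inside WordPress the base would come from wp_upload_dir(), and validate_file() (linked in the reply above) can serve as a cheap first-pass filter before the filesystem is touched. The demonstration fixture at the bottom is constructed for the example only.

```php
<?php
// Added example, not code from the plugin under discussion.
// Returns the canonical path of a file that a download handler may serve,
// or null when the request must be refused.
function resolve_download_path( string $base_dir, string $requested ): ?string {
    // Only plain relative names are acceptable: no empty string, no leading
    // separator, no NUL byte (which truncates paths in some C-backed calls).
    if ( $requested === '' || $requested[0] === '/' || $requested[0] === '\\' ) {
        return null;
    }
    if ( strpos( $requested, "\0" ) !== false ) {
        return null;
    }
    // Inside WordPress, validate_file() returns 0 for an acceptable path and a
    // non-zero code otherwise; it is an extra filter, not a replacement for
    // the containment check below.
    if ( function_exists( 'validate_file' ) && validate_file( $requested ) !== 0 ) {
        return null;
    }

    $real_base = realpath( $base_dir );
    if ( $real_base === false ) {
        return null; // base directory does not exist: nothing can be served
    }
    // realpath() collapses '.', '..' and symlinks, and returns false when the
    // target does not exist, which is also a refusal for a download handler.
    $real_target = realpath( $real_base . DIRECTORY_SEPARATOR . $requested );
    if ( $real_target === false || ! is_file( $real_target ) ) {
        return null;
    }
    // Compare against the base plus a trailing separator, so a sibling such as
    // "uploads-old" is not accepted by a bare prefix match on "uploads".
    $prefix = rtrim( $real_base, DIRECTORY_SEPARATOR ) . DIRECTORY_SEPARATOR;
    if ( strncmp( $real_target, $prefix, strlen( $prefix ) ) !== 0 ) {
        return null;
    }
    return $real_target;
}

// Constructed demonstration fixture: a throwaway base directory with one file
// inside it and one file beside it. Not a recommendation for storage layout.
$base = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'uploads-demo-' . bin2hex( random_bytes( 4 ) );
mkdir( $base . '/2015/03', 0700, true );
file_put_contents( $base . '/2015/03/report.pdf', 'sample' );
$outside = dirname( $base ) . '/outside-' . basename( $base ) . '.txt';
file_put_contents( $outside, 'sample' );

$cases = array(
    '2015/03/report.pdf',                       // legitimate request: served
    '2015/03/../03/report.pdf',                  // resolves inside the base: served
    '../outside-' . basename( $base ) . '.txt',  // canonical path leaves the base: refused
    '/absolute/path.txt',                        // absolute path: refused before any I/O
    '2015/03/missing.pdf',                       // does not exist: refused
);
foreach ( $cases as $request ) {
    $result = resolve_download_path( $base, $request );
    printf( "%-45s -> %s\n", $request, $result === null ? 'REFUSED' : 'OK: ' . $result );
}

// Remove the fixture.
unlink( $base . '/2015/03/report.pdf' );
unlink( $outside );
rmdir( $base . '/2015/03' );
rmdir( $base . '/2015' );
rmdir( $base );
```

The order of the checks matters: the cheap string checks run first, but the decision rests on the canonical path returned by realpath(), which is what the filesystem will actually open. Checking the request string alone (for instance only looking for "..") leaves symlinks inside the base directory unaccounted for, whereas the prefix comparison on the resolved path covers them as well.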
+1
Forum: Hacks
In reply to: Version number isn't showing up on the plugin directory page

Thanks Ipstenu – could you please be a bit more specific? What is wrong exactly? It all looks fine to me: the keys and values both look like they’re formatted as per the spec.
Forum: Hacks
In reply to: Version number isn't showing up on the plugin directory page

Great – thank you @esmi