• This plug-in is based on the ‘underConstruction’ plugin (the one that was forked). This one has the same bugs. A hack for this plugin (and for the forked plugin) is in the wild. Three (!) sites were hacked; the only thing in common was this plugin. Upon close programming inspection, it’s filled with security holes.

    Please add a check for proper WordPress access, input sanitization and denying direct file access.

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Author mojowill

    (@mojowill)

    Thanks for bringing this to my attention, I would recommend obviously using an alternative solution. I will be removing my fork from the repo as I don’t have time to make the necessary changes.

    Plugin Author mojowill

    (@mojowill)

    There wasn’t actually much that wasn’t already being escaped on the default templates, so these have been fixed. I have also added direct file access checks.

    Thread Starter birre

    (@birre)

    Great! Thanks for the quick response.

  • The topic ‘Security issues. Hacked with this plugin’ is closed to new replies.
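
The three checks requested in this thread (WordPress access control, input sanitization, denying direct file access), together with the output escaping the author mentions, look like this in a plugin settings handler. This is an added example, not code from this plugin or its fork; every `ucx_` name, the option key and the form fields are hypothetical.

```php
<?php
// Added example. All "ucx_" identifiers are hypothetical, not taken from the plugin.

// 1. Deny direct file access: ABSPATH is only defined once WordPress has loaded,
//    so requesting this file by URL stops here. Put this at the top of every
//    plugin PHP file, templates included.
if ( ! defined( 'ABSPATH' ) ) {
	exit;
}

// The form posts to wp-admin/admin-post.php with action=ucx_save. Only the
// logged-in hook is registered (no admin_post_nopriv_*), so anonymous requests
// never reach the handler.
add_action( 'admin_post_ucx_save', 'ucx_save_settings' );

function ucx_save_settings() {
	// 2. Proper WordPress access: capability check, then a nonce check that
	//    matches wp_nonce_field( 'ucx_save_settings', 'ucx_nonce' ) in the form.
	if ( ! current_user_can( 'manage_options' ) ) {
		wp_die( esc_html__( 'You are not allowed to change these settings.', 'ucx' ), '', array( 'response' => 403 ) );
	}
	check_admin_referer( 'ucx_save_settings', 'ucx_nonce' );

	// 3. Input sanitization: unslash, then sanitize each field for its type.
	$title = isset( $_POST['ucx_title'] ) ? sanitize_text_field( wp_unslash( $_POST['ucx_title'] ) ) : '';
	$body  = isset( $_POST['ucx_body'] ) ? wp_kses_post( wp_unslash( $_POST['ucx_body'] ) ) : '';

	// Enumerated values go through an allow-list rather than being stored as sent.
	$status = isset( $_POST['ucx_status'] ) ? absint( $_POST['ucx_status'] ) : 503;
	if ( ! in_array( $status, array( 200, 503 ), true ) ) {
		$status = 503;
	}

	update_option( 'ucx_settings', array( 'title' => $title, 'body' => $body, 'status' => $status ) );

	wp_safe_redirect( admin_url( 'options-general.php?page=ucx&updated=1' ) );
	exit;
}

// Template side: escape on output even though the stored value was sanitized.
function ucx_render_title() {
	$settings = get_option( 'ucx_settings', array() );
	$title    = isset( $settings['title'] ) ? $settings['title'] : '';
	echo '<h1>' . esc_html( $title ) . '</h1>';
}
```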