Security Issue?
-
I recommended NextGen to a friend of mine for his site and he eventually replied back with this:
Hey, regarding the NextGen plugin you recommended, it might be worth noting to others there is a potential security hole that the default installation makes and my host and I came across it. Pretty much the solution was to make sure that the gallery directory was made in the /wp-content/uploads/ directory instead of it trying to make it in /wp-content/ directory. Doing so outside the uploads directory creates a security issue where a malicious attacker could potentially execute arbitrary code from /wp-content/gallery when chmod as 777, 757 or 755.
Just thought that I would pass the word along. 🙂
- The topic ‘Security Issue?’ is closed to new replies.