Forums

WordPress › Support » Plugins and Hacks

myEASYbackup
myeasybackup has backdoor equivalent security vulnerability (10 posts)

  1. list2010@lunch.za.net
    Member
    Posted 1 year ago #

    If you install myeasybackup 1.0.5.3 (16 December 2010), unauthenticated anonymous outsiders can

    [details removed for obvious reasons]

    and thereby run arbitary code of their choice. It looks like there are a host of similar holes in other parts of the code (meb_settings.php), but marginally more complex to exploit.

    This code is either amateurish, or deliberately written to be exploitable (conditionally assigning values to $_POST?? What is that? It is either sloppy stupidity, or evil genius).

    IMHO, avoid this software until it has had a proper security review.

    http://wordpress.org/extend/plugins/myeasybackup/

  2. esmi
    Theme Diva & Forum Moderator
    Posted 1 year ago #

    Have you tried contacting the plugin's developer about this?

  3. camaleo
    Member
    Posted 1 year ago #

    @list2010@lunch.za.net please get in touch and I will fix whatever in needed.
    http ://myeasywp.com

    Thank you,
    camaleo

  4. camaleo
    Member
    Posted 1 year ago #

    @list2010@lunch.za.net

    This code is either amateurish, or deliberately written to be exploitable (conditionally assigning values to $_POST?? What is that? It is either sloppy stupidity, or evil genius).

    My humble opinion: nobody is perfect and nobody has the total knowledge on everything.

    IMHO, avoid this software until it has had a proper security review.

    Don be shy, please let me know what's wrong in detail, check out the modifications in a private beta and let the people know the plugin is ok with your security standards.

    Its a good chance to give something back to the open source community and a better attitude rather than pointing the finger and hiding, do you agree?

    Please get in touch at http://myeasywp.com/contact/

    thank you

  5. hamhere
    Member
    Posted 7 months ago #

    Update - I may have made this post to hastily. I did not check which version of MyEasybackup I had installed. According to the plugin website a security fix was implemented in July.

  6. camaleo
    Member
    Posted 7 months ago #

    @hamhere,

    did you get the info by installing and using the WSD plugin or did you sign up and ran a remote service?

    Just to know how can I proceed to find out how to fix this issue.

    thanks

  7. hamhere
    Member
    Posted 7 months ago #

    I had used WSD Plugin and had the product installed for many months, probably since last 2010. I just recently installed webdefender.

  8. camaleo
    Member
    Posted 7 months ago #

    I just installed the WSD plugin and run a "Scan Reports" but the problem is not shown.

    I am using WSD Plugin 0.4 and myEASYbackup 1.0.8.1: are you using the same versions?

  9. hamhere
    Member
    Posted 7 months ago #

    I confirm the error is gone. So sorry for jumping the gun and flagging the error when I had not done proactive problem determination on my part.

    Thank you for the useful plug in.

  10. camaleo
    Member
    Posted 7 months ago #

    Glad to see the problem is gone!

Topic Closed

This topic has been closed to new replies.

About this Plugin

About this Topic

Tags