WordPress.org


WP CleanFix
Remote Code Execution Warning (2 posts)

  1. Enigma Ideas
    Member
    Posted 2 years ago #

    Love the plugin; however, when I conducted a scan with the 6scan plugin, I received this warning: Malicious user could execute arbitrary code. The file in question is wpCleanFixAjax.php, with the following guidelines:

    1) Find the line that begins with '$command = strip_tags( $_POST['command'] );'
    2) Append the next lines with the following:

    if (!is_admin())
        return;

    Supposedly this only protects against anonymous execution, but non-admins could still do this. I was wondering if this is an accurate warning.

    http://wordpress.org/extend/plugins/wp-cleanfix/

  2. henrisalo
    Member
    Posted 1 year ago #

    This issue is resolved. Please see: https://github.com/wpscanteam/wpscan/issues/186

Topic Closed

This topic has been closed to new replies.
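
An added example, not part of the original thread and not WP CleanFix's own code: the checks a WordPress AJAX handler can apply so that the caller's capability, rather than the request context, decides whether a posted `command` runs. It assumes the handler is registered through admin-ajax.php; the action name, nonce name, function names and the single command are hypothetical.

```php
<?php
// Added illustration; not WP CleanFix code. The action name, nonce name,
// function names and command name below are hypothetical.

// Map each permitted command name to a fixed callable, so the posted
// value only selects an entry from this list.
function cleanfix_example_commands() {
    return array(
        'count_revisions' => 'cleanfix_example_count_revisions',
    );
}

function cleanfix_example_count_revisions() {
    global $wpdb;
    return (int) $wpdb->get_var(
        "SELECT COUNT(*) FROM {$wpdb->posts} WHERE post_type = 'revision'"
    );
}

function cleanfix_example_ajax() {
    // is_admin() reports that the request targets an admin screen (it is
    // true for every admin-ajax.php request); it does not check the user.
    // The capability check is what restricts the handler to administrators.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }

    // Reject requests that lack a valid nonce for this action (CSRF check).
    check_ajax_referer( 'cleanfix_example', 'nonce' );

    $command = isset( $_POST['command'] )
        ? sanitize_key( wp_unslash( $_POST['command'] ) )
        : '';

    $commands = cleanfix_example_commands();
    if ( ! isset( $commands[ $command ] ) ) {
        wp_send_json_error( 'unknown command', 400 );
    }

    wp_send_json_success( call_user_func( $commands[ $command ] ) );
}

// Register only the logged-in hook; no wp_ajax_nopriv_ handler is added,
// so anonymous requests never reach the function.
add_action( 'wp_ajax_cleanfix_example', 'cleanfix_example_ajax' );
```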
