WordPress.org

Ready to get started?Download WordPress

Forums

[Plugin: WP Super Cache] wp super cache & exploits/hacks or vulneravitys? (3 posts)

  1. Randall Flagg
    Member
    Posted 5 years ago #

    Well, recently I had some problems with my wordpress, I got some not wanted <iframe> in my site.
    So I started my research, and got here...
    http://factoryjoe.com/blog/2007/11/08/vulnerability-in-wp-super-cache-v01/comment-page-1/#comment-104466
    and said this:
    Does this bug still a problem?
    The Version: 0.9.4.3 is now on, but I think I had a vulnerabily over this plugin…
    I’m not sure, but I got an Exploit via … nothing to worry to much.
    In windows Eset anti-virus marked my site as dangerous.
    (thou it could be some javascript I put there, somewhere I think, with the wp-super-cache let someone in)
    The Iframes where into de WP Core.. not in my template, so it was a real pain in the ass to now what the heck it was.

    Now I put in my site the SECRET_KEY with a well password.. But, i activated again the wp-super-cache.. lets see what happends

    -----

    Does this vulneravility problem still a problem?

  2. Donncha O Caoimh
    Member
    Posted 5 years ago #

    That was fixed a long time ago, and it was a problem in the recursive mkdir() function WP uses that is fixed too. At the time passing "//" to it would do strange things. WP Super Cache happened to expose that on some hosts (but not all). There wasn't a vulnerability that a remote hacker could take advantage of.

    You were hacked some other way, probably before you upgraded to wp 2.7.1 or through one of your plugins. Look for my exploit scanner to help get rid of the malicious code.

  3. Randall Flagg
    Member
    Posted 5 years ago #

    Thanks! =)
    Just wanted to make sure actually.
    I think I know were the problem was.
    Unless I know now that my wp is safe =)

Topic Closed

This topic has been closed to new replies.

About this Topic