WordPress.org

Ready to get started?Download WordPress

Forums

FTP Access
Security Bug (4 posts)

1 star
  1. Naser Mirzaei
    Member
    Posted 7 months ago #

    Your Plugin Has a security bug
    Other plugins can use FTP variable and recieve ftp password!!!
    you can use this constants in wp-config.php to do same thing:

    define( 'FTP_USER', 'username' );
    define( 'FTP_PASS', 'password' );
    define( 'FTP_HOST', 'ftp.example.org' );
  2. I'm not really disagreeing with you but is that really a security bug or even a problem with this plugin?

    FTP (a horrible designed on a napkin protocol) requires that the userid/password either be stored somewhere or prompt the user each time. Prompting wouldn't make for a useful plugin.

    Also if you do use those constants how is that different from a security point of view than what this plugin is doing?

    Lastly, if another plugin is doing malicious things and executing code on your WordPress installation then what this plugin does is besides the point. Your installation is aleready compromised. ;)

  3. Danial Hatami
    Member
    Plugin Author

    Posted 7 months ago #

    there is no security bug with this plugin ,
    This plugin does exactly what those codes do !!

  4. Naser Mirzaei
    Member
    Posted 7 months ago #

    I dont say that this plugin steals ftp info, but it save ftp password in an array and it can extract by others
    آره داداشم

Reply

You must log in to post.

About this Plugin

About this Topic

Tags

No tags yet.