WordPress.org

Ready to get started?Download WordPress

Forums

Theme Authenticity Checker (TAC)
undetected links within theme files (2 posts)

  1. intimez
    Member
    Posted 1 year ago #

    If a theme includes a file that is hosted on another domain, it is not being detected. I found this out only when seeing odd load and photo not being displayed.

    -png file embeded in theme option section
    -java script widget from third party

    I believe plugin only look for "a href" but suggest that it searches for all URLs.

    http://wordpress.org/extend/plugins/tac/

  2. romainsimon
    Member
    Posted 4 months ago #

    I found the same thing. TAC developement team should add images check

    <?php include (TEMPLATEPATH . '/images/social.png'); ?>

    Such a code is not detected as malicious by TAC. It seems to be an image, but when you open it, it contains in fact a Curl request that imports malicious code into your WordPress installation.

Topic Closed

This topic has been closed to new replies.

About this Plugin

About this Topic

Tags

No tags yet.