Out now, be careful.
Any solution to this yet? It is a concern that the info and vulnerability issues are spreading out!
I disabled the plugin for the time being. Also, if you have enabled the use of .htaccess in your wp-admin directory (Apache web server), this should work as well:
# Restrict direct access to PHP files to a single IP address
<Files ~ "\.(php)$">
Order deny,allow
Deny from all
Allow from 0.0.0.0
</Files>
0.0.0.0 being your IP address; you may have to modify this depending on your configuration.
I am wondering if these elements only apply to those using the database backup functionality. These attacks look as though they require a certain configuration.
My question is, is this something that is a general security hole? The report does not declare any details on what circumstances allow for the acts to be successful. Yes, there may be a security hole here, but is it necessarily an item that can be easily exploited if all other security elements are in place?
Again, I don't know but those are my questions as a web developer. And overreacting is not usually the best response.
Those proposed vulnerabilities have been discussed with the WordPress plugin repo folks and others and are not valid.
Thanks for jumping in, Chris! Didn't think there was anything to worry about; I know you are on your game. Thanks for putting in all the hours on such a great plugin.