• Resolved bluemoon62

    (@bluemoon62)


    This forum has so much promise and potential to be a great tool. However, it also has potential for being breached.

    Two files look risky:

    1. /captcha/shared.php (contains a couple of instances that use base64_ ):

        $mystr = WPF...
        $mystr = rawurlencode(base64_encode($mystr));
        return $mystr;

    Perhaps this file is safe, but it doesn’t seem like a good practice to use that code within PHP. Perhaps it’s a non-issue for those that don’t use the Captcha feature and the file can be removed without harming anything.

    2. /wpf.class.php – not sure what happened to this file, but my FTP won’t open to read it even when I change the file format from .php to something else, which raises red flags for me. I know that I modified it at one time with another program to fix some issues with it and it’s been reported to be a risky file.

    Not sure if this file still needs to be accessed by the program or if it can be safely removed.

    Also, in the interest of keeping things simple and not having extra files, it’s a good idea to remove all of the foreign language interpretations in the i18n directory that you don’t need.

    I want to like this software and can tell that a lot of work went into it. However, its security is questionable.

    http://wordpress.org/extend/plugins/mingle-forum/

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Author cartpauj

    (@cartpauj)

    Mingle Forum has been reviewed by many Security firms. Any and all issues that were found have been resolved. Mingle Forum 1.1.0 will take another giant step in the right direction to ensure its security.

    In any scenario, hackers always seem to be one step ahead: Facebook, Twitter, Microsoft, Zendesk, even US Government agencies have been hacked in the last month alone. If you’re worried about security, put on a tinfoil hat, and unplug from the web 😉 — no seriously, the internet is not a safe place, nor do I believe it ever will be!

    That being said, we are continuing to evolve the plugin to follow the strictest WP security standards as laid out in their Codex.

    Thread Starter bluemoon62

    (@bluemoon62)

    Thank you for the feedback.

    It’s reassuring to know that you fixed the issues and will continue to do so until further notice.

    It’s true that the internet is not a safe place and the only guarantee is to disconnect from it altogether.

  • The topic ‘Mingle Forum Security Issues’ is closed to new replies.