WordPress.org

Support

Support » Plugins and Hacks » Stop User Enumeration » [Resolved] Bypass protection with URL-encoded null bytes

[Resolved] Bypass protection with URL-encoded null bytes

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Author Badlywired

    @llocally

    Thanks for both the vulnerability and the suggested edit. I hope to be able to make a release shortly

    Plugin Author Badlywired

    @llocally

    I am including this in the next release.

    It is only required in the second match.

    The first match is there to allow genuine get calls to author in the admin backend to get through (as when you click on ‘author’ links in posts is uses author in the query string )

    Plugin Author Badlywired

    @llocally

    Released

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘[Resolved] Bypass protection with URL-encoded null bytes’ is closed to new replies.
Skip to toolbar