Global MySQL rights necessary to run this plugin? | WordPress.org

Resolved Acky
(@madnil)

10 years, 7 months ago

Like I few others I had the problem to install the latest version of this plugin. The administration panel didn’t show up. I turned out to be a problem with the rights of the WP user in the wp-config.php accessing the MySQL database. Acunetix pointed out, that it must be necessary for this user to create and alter the database.

As a matter of fact my user had these rights and it still didn’t work. I had to give the user the global rights to create and alter databases, then the plugin worked. Of course this is a big security issue and I’m not willing to grant a plugin access to all of the databases of my MySQL installation.

@acunetix Why does your plugin need global rights? Or is this simply a bug?

P.S.: I run a couple of plugins who create and alter tables in the database of my blog. But only this single database!

http://wordpress.org/plugins/wp-security-scan/

Viewing 2 replies - 1 through 2 (of 2 total)

Thread Starter Acky
(@madnil)

10 years, 6 months ago

I’m actually wondering why the makers of a security plugin don’t seem to bother to comment regarding a security concern of their plugin.

Plugin Author Acunetix
(@acunetix)

10 years, 6 months ago

Hello Acky

Thank you for your feedback.

I’m sorry for the late reply but I somehow missed your thread…

The plugin does not need access to your “all” databases, it uses the current user and pass to access the database defined in the config file.

If the script didn’t execute with that information it more likely seems like a bug, and we’re going to investigate it.

Thanks again for the feedback!

Regards,
Costin

Viewing 2 replies - 1 through 2 (of 2 total)

The topic ‘Global MySQL rights necessary to run this plugin?’ is closed to new replies.

In: Plugins
2 replies
2 participants
Last reply from: Acunetix
Last activity: 10 years, 6 months ago
Status: resolved