WP CleanFix
Remote Code Execution Warning (2 posts)

  1. Enigma Ideas
    Posted 4 years ago #

    Love the plugin however when I conducted a scan with the 6scan plugin I received this warning: Malicious user could execute arbitrary code. The file in question being wpCleanFixAjax.php with the following guidelines:

    1)Find the line that begins with '$command = strip_tags( $_POST['command'] );'
    2)Append the next lines with the following:

    if (!is_admin())

    Supposedly this only protects against anonymous execution, but non admins could still do this. I was wondering if this is an accurate warning.


  2. henrisalo
    Posted 3 years ago #

    This issue is resolved. Please see: https://github.com/wpscanteam/wpscan/issues/186

Topic Closed

This topic has been closed to new replies.

About this Plugin

  • WP CleanFix
  • Frequently Asked Questions
  • Support Threads
  • Reviews

About this Topic