WordPress.org

Support

Support » Plugins and Hacks » [Plugin: WP CleanFix] Remote Code Execution Warning

[Plugin: WP CleanFix] Remote Code Execution Warning

  • Enigma Ideas
    Member

    @enigma-ideas

    Love the plugin however when I conducted a scan with the 6scan plugin I received this warning: Malicious user could execute arbitrary code. The file in question being wpCleanFixAjax.php with the following guidelines:

    1)Find the line that begins with ‘$command = strip_tags( $_POST[‘command’] );’
    2)Append the next lines with the following:

    if (!is_admin())
    return;

    Supposedly this only protects against anonymous execution, but non admins could still do this. I was wondering if this is an accurate warning.

    http://wordpress.org/extend/plugins/wp-cleanfix/

Viewing 1 replies (of 1 total)
Viewing 1 replies (of 1 total)
  • The topic ‘[Plugin: WP CleanFix] Remote Code Execution Warning’ is closed to new replies.