WordPress.org

[Resolved] Remote File Upload Vulnerability

  • Plugin Author Andrew Ozz
    WordPress Dev

    @azaozz

    This plugin doesn’t do anything/doesn’t load for non logged-in users. Additionally, the settings page is only accessible to admins. In those terms, SQL injections, XSS, and/or remote file upload vulnerabilities are very unlikely.

    If you believe you found vulnerabilities, please contact me privately through http://www.laptoptips.ca/contact/.

  • Plugin Author Andrew Ozz
    WordPress Dev

    @azaozz

    @henndi001 thanks for forwarding more info. Both of these advisories are about old versions of the TinyMCE “imagemanager” and “filemanager” plugins. These are commercial plugins available from Moxiecode (the makers of TinyMCE) and are not included (obviously) in TinyMCE Advanced. As far as I can tell, this type of exploit was fixed in these plugins years ago.
