FTP Access
Security Bug (4 posts)

  1. Naser Mirzaei
    Posted 2 years ago #

    Your Plugin Has a security bug
    Other plugins can use FTP variable and recieve ftp password!!!
    you can use this constants in wp-config.php to do same thing:

    define( 'FTP_USER', 'username' );
    define( 'FTP_PASS', 'password' );
    define( 'FTP_HOST', 'ftp.example.org' );
  2. I'm not really disagreeing with you but is that really a security bug or even a problem with this plugin?

    FTP (a horrible designed on a napkin protocol) requires that the userid/password either be stored somewhere or prompt the user each time. Prompting wouldn't make for a useful plugin.

    Also if you do use those constants how is that different from a security point of view than what this plugin is doing?

    Lastly, if another plugin is doing malicious things and executing code on your WordPress installation then what this plugin does is besides the point. Your installation is aleready compromised. ;)

  3. Danial Hatami
    Plugin Author

    Posted 2 years ago #

    there is no security bug with this plugin ,
    This plugin does exactly what those codes do !!

  4. Naser Mirzaei
    Posted 2 years ago #

    I dont say that this plugin steals ftp info, but it save ftp password in an array and it can extract by others
    آره داداشم

Topic Closed

This topic has been closed to new replies.

About this Plugin

  • FTP Access
  • Frequently Asked Questions
  • Support Threads
  • Reviews

About this Topic


No tags yet.