Support » Plugin: FTP Access » Security Bug

Security Bug

  • Naser Mirzaei

    (@dll1024)


    7 years, 5 months ago

    Your Plugin Has a security bug
    Other plugins can use FTP variable and recieve ftp password!!!
    you can use this constants in wp-config.php to do same thing:

    define( 'FTP_USER', 'username' );
define( 'FTP_PASS', 'password' );
define( 'FTP_HOST', 'ftp.example.org' );

Viewing 3 replies - 1 through 3 (of 3 total)
  • Moderator Jan Dembowski

    (@jdembowski)

    Forum Moderator and Brute Squad

    7 years, 5 months ago

    I’m not really disagreeing with you but is that really a security bug or even a problem with this plugin?

    FTP (a horrible designed on a napkin protocol) requires that the userid/password either be stored somewhere or prompt the user each time. Prompting wouldn’t make for a useful plugin.

    Also if you do use those constants how is that different from a security point of view than what this plugin is doing?

    Lastly, if another plugin is doing malicious things and executing code on your WordPress installation then what this plugin does is besides the point. Your installation is aleready compromised. 😉

    Plugin Author Danial Hatami

    (@boyfa)

    7 years, 5 months ago

    there is no security bug with this plugin ,
    This plugin does exactly what those codes do !!

    Thread Starter Naser Mirzaei

    (@dll1024)

    7 years, 5 months ago

    I dont say that this plugin steals ftp info, but it save ftp password in an array and it can extract by others
    آره داداشم

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘Security Bug’ is closed to new replies.

Views