security issue with allowing users to map their own domains
Note there is a security hole in this plugin where if a user is allowed to map their own domains via the wp-admin tools interface, they can just enter a subdomain of the current WordPress network and take it over.
So for example if wordpress.org was running mu and this plugin and you were at blah.wordpress.org and the admin menu was active, they can map news.wordpress.org over their blog.
There needs to be a security check that the domain they entered is not a subdomain of the current network, even if it is not active.
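One way to write the check the post asks for, as an added example that is not the plugin's code or part of the original post. The function names `dm_normalise_host` and `dm_check_mapping` are hypothetical, and the sample inputs are constructed; it assumes hostnames arrive as ASCII (IDNs as punycode).

```php
<?php
// Added example; function names are hypothetical, not the plugin's API.

// Reduce user input to a bare lowercase hostname, or null if it is not one.
function dm_normalise_host(string $input): ?string
{
    $host = strtolower(trim($input));
    $host = preg_replace('~^[a-z][a-z0-9+.-]*://~', '', $host); // pasted URL scheme
    $host = preg_replace('~[/:?#].*$~', '', $host);             // path, port, query
    $host = rtrim($host, '.');            // "a.example." is the same DNS name
    if ($host === '' || strlen($host) > 253) {
        return null;
    }
    foreach (explode('.', $host) as $label) {
        // ASCII labels only; IDNs must arrive as punycode (assumption).
        if (!preg_match('/^[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?$/', $label)) {
            return null;
        }
    }
    return $host;
}

// Decide on a mapping request using the name alone, so a subdomain that has
// no active blog yet is still refused.
function dm_check_mapping(string $input, string $networkDomain): string
{
    $host = dm_normalise_host($input);
    $network = dm_normalise_host($networkDomain);
    if ($host === null || $network === null) {
        return 'invalid';                 // fail closed
    }
    $suffix = '.' . $network;             // match on a label boundary
    if ($host === $network || substr($host, -strlen($suffix)) === $suffix) {
        return 'rejected';
    }
    return 'allowed';
}

// Constructed sample inputs; wordpress.org is the network from the post.
$samples = ['news.wordpress.org', 'NEWS.WordPress.org.', 'http://news.wordpress.org/x',
            'wordpress.org', 'notwordpress.org', 'example.com', 'bad_host!'];
foreach ($samples as $s) {
    printf("%-30s %s\n", $s, dm_check_mapping($s, 'wordpress.org'));
}
```

Matching on `'.' . $network` rather than a plain suffix keeps an unrelated name such as `notwordpress.org` from being refused, while case and trailing-dot variants of a network subdomain are still caught.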