Upload Exploit

  • Resolved m1da

    (@m1da)


    9 years, 4 months ago

    Hello, my site has been today hacked and compromised!

    Problem is in /wp-content/plugins/wp-symposium/server/php/index.php -> /wp-content/plugins/wp-symposium/server/php/UploadHandler.php

    class UploadHandler is not protected and /wp-content/plugins/wp-symposium/server/php/UploadHandler.php allow any extension!

    On my website has been uploaded encoded .php files for sending spam and many more 🙁

    https://wordpress.org/plugins/wp-symposium/

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Author Simon Goodchild

    (@simongoodchild)

    9 years, 4 months ago

    Hi m1da, sorry to hear about your problems, this is always a priority to fix, could I ask you to log you problem on http://www.wpsymposium.com, as we handle all support through there?

    First please make sure you have updated to the latest version of the plugin as this was previously identified.

    Secondly, ensure that in /wp-content/plugins/wp-symposium/server/php you only have two files:

    index.php and UploadHandler.php

    remove all other files.

    and then let’s continue at http://www.wpsymposium.com to make sure everything is ok with your installation.

    Plugin Author Robert Dempsey

    (@robertd62)

    8 years, 8 months ago

    This has been fixed and is not a issue in latest release

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Upload Exploit’ is closed to new replies.