WARNING: LIVE EXPLOIT | WordPress.org

Resolved ieh
(@ieh)

9 years, 1 month ago

I can’t post the link here, but I was able to post it in the main support thread, although that thread has been closed.

Please see here for information about the exploit:

https://en.forums.wordpress.com/topic/live-exploit-in-plugin-js-support-ticket-and-i-cant-notify-them

https://wordpress.org/plugins/js-support-ticket/

Viewing 2 replies - 1 through 2 (of 2 total)

Thread Starter ieh
(@ieh)

9 years, 1 month ago

The link to the exploit is in the above thread.

Please note that anyone can upload any file and access it via browser, i.e. a php file, and gain access to post files anywhere in the site. It took me four days to figure out it was this plugin.

Plugin Author JoomSky
(@rabilal)

9 years, 1 month ago

Hi,

Thank you very much to point out bug.

We fix it, please update to latest version.

Regards,
Ahmad Bilal

Viewing 2 replies - 1 through 2 (of 2 total)

The topic ‘WARNING: LIVE EXPLOIT’ is closed to new replies.

In: Plugins
2 replies
2 participants
Last reply from: JoomSky
Last activity: 9 years, 1 month ago
Status: resolved