Warning: Security issue on plugins (3 posts)

  1. alakhnor
    Posted 9 years ago #

    Not where this should go (nor if already has been posted).

    There has been a warning on security for some plugins who add buttons in the editor bar.

    Plugins involved are myGallery and Wordtube. Update those as soon as possible.

    If you use a plugin which insert such a button, I suggest you check on the plugin site.

    Note: Viper's nice plugins and Image Manager does not have this security issue.

  2. whooami
    Posted 9 years ago #


    It's not buttons that anyone has to be worried about. Both plugins you mention allowed the "path to certain files" to be set via an http_ post

    Given that, its then possible to set a path to malicious file.

  3. alakhnor
    Posted 9 years ago #

    Yes, you're right. But the way they do it (insert button) has been shown many times on internet as a way to insert button with WP 2.1.

Topic Closed

This topic has been closed to new replies.

About this Topic