WordPress Database Backup: Directory Traversal Vulnerability (35 posts)

  1. Mark (podz)
    Support Maven
    Posted 10 years ago #

    We have many, many plugins that require files to be 777, and we get far fewer complaints than the db-backup.

    We have dozens of hosts who do not take the steps they could to better secure files for their customers and make it necessary for files to be 777.

    And I have yet to see any such vulnerability exploited in the plugins directory. It's a hit/miss there with probably a much higher miss rate.
    Every 'exploit' I have seen here has been in a theme directory, and they do NOT need to be world-writable, but people leave them that way.

    This thread isn't about 777, nor about site management. It's about Skippy being a decent guy and stating something was wrong.

  2. yosemite
    Posted 10 years ago #

    Thanks podz, nice summary.

  3. llizard
    Posted 9 years ago #

    Just curious, am I correct that both the older version with the directory traversal vulnerability and the new fixed version are numbered 1.7?

    At any rate, thanks for the heads-up, Skippy! (revised plugin now uploaded)

  4. gwoodard
    Posted 9 years ago #

    OK, now I have my databases backed up, how do I restore them?


  5. whooami
    Posted 9 years ago #

    Using phpMyAdmin. Most, but not all hosts, have it available.

Topic Closed

This topic has been closed to new replies.