WordPress.org

WordPress Exploits ?!

  • Hi

    I installed a plugin called S6 Scan and it came up with the following errors:

    ERROR 1

    Open user-edit.php file for editing
    Find the line that begins with “wp_enqueue_script('user-profile');”
    Append the next lines with the following:

    if ( current_user_can('edit_user',$user_id ) == FALSE )
        wp_die(__( 'Forbidden' ) );

    Save
    Done

    ================

    ERROR 2

    Edit the wp-comments-post.php file
    Find the line, that begins with “/** Sets up the WordPress Environment. */”
    Prepend that line with the next code:

    if ( ! isset( $_SERVER[ "HTTP_REFERER" ] ) )
        die();

    $referrer_url = $_SERVER[ "HTTP_REFERER" ];
    $server_name = str_replace( "." , "\." , $_SERVER[ "HTTP_HOST" ] );  /* Escape the dots for following regexp search */
    $server_name = str_replace( '/' , '\/' , $server_name );  /* Escape the '/' for following regexp search */

    $referr_pattern = "/^((http(s)?):\/\/)?(www.)?$server_name/";

    if ( ! preg_match( $referr_pattern, $referrer_url ) )
        die();

    Save
    Done

    ==============================

    Wondering if this is just “crap” and fake or is it for real!?
    Shall I be worried … apparently it is vulnerable to security threats.

    Any suggestions?
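
The Referer check quoted under ERROR 2, run against constructed header values beside a stricter host comparison. This is an added example, not part of the original post or of the plugin's output; the function names, the sample host and the sample Referer values are hypothetical, and HTTP_HOST is assumed to carry no port.

```php
<?php
// Added example: function names and sample values are constructed for illustration.

// The check as posted: a regexp built from HTTP_HOST, matched as a prefix of the Referer.
function posted_check(?string $referer, string $host): bool
{
    if ($referer === null) {
        return false;                        // the posted code calls die() here
    }
    $server_name = str_replace('.', '\.', $host);
    $server_name = str_replace('/', '\/', $server_name);
    $pattern = "/^((http(s)?):\/\/)?(www.)?$server_name/";
    return preg_match($pattern, $referer) === 1;
}

// Stricter variant: parse the Referer and compare its host exactly (ignoring a leading "www.").
function strict_check(?string $referer, string $host): bool
{
    if ($referer === null) {
        return false;
    }
    $ref_host = parse_url($referer, PHP_URL_HOST);
    if (!is_string($ref_host)) {
        return false;                        // unparsable or host-less Referer
    }
    $strip = static fn(string $h): string => (string) preg_replace('/^www\./', '', strtolower($h));
    return $strip($ref_host) === $strip($host);
}

$host = 'blog.example';                      // constructed HTTP_HOST (assumed: no port)
$samples = [                                 // constructed Referer values
    'https://blog.example/a-post/',          // same site
    'http://www.blog.example/a-post/',       // same site with www
    'https://blog.example.other.test/page',  // different host that shares the prefix
    'https://other.test/page',               // unrelated site
    null,                                    // header absent
];

foreach ($samples as $referer) {
    printf("%-40s posted=%-5s strict=%s\n",
        $referer ?? '(no Referer)',
        var_export(posted_check($referer, $host), true),
        var_export(strict_check($referer, $host), true));
}
```

The two checks differ only on the third sample, which the posted pattern accepts because it is not anchored after the host name. Both reject a request with no Referer header, so a commenter whose browser or proxy strips that header is blocked by either version.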

Viewing 9 replies - 1 through 9 (of 9 total)
  • The topic ‘WordPress Exploits ?!’ is closed to new replies.