WordPress Exploits ?!
I installed a plugin called S6 Scan and it came up with the following errors:
Open user-edit.php file for editing
Find the line that begins with "wp_enqueue_script('user-profile');"
Append the next lines with the following:
if ( current_user_can('edit_user',$user_id ) == FALSE ) wp_die(__( 'Forbidden' ) );
Edit the wp-comments-post.php file
Find the line, that begins with “/** Sets up the WordPress Environment. */”
Prepend that line with the next code:
if ( ! isset( $_SERVER[ "HTTP_REFERER" ] ) ) die();
$referrer_url = $_SERVER[ "HTTP_REFERER" ];
$server_name = str_replace( "." , "\." , $_SERVER[ "HTTP_HOST" ] ); /* Escape the dots for following regexp search */
$server_name = str_replace( '/' , '\/' , $server_name ); /* Escape the '/' for following regexp search */
$referr_pattern = "/^((http(s)?):\/\/)?(www.)?$server_name/";
if ( ! preg_match( $referr_pattern, $referrer_url ) ) die();
Wondering if this is just “crap” and fake or is it for real!?
Shall I be worried … apparently it is vulnerable to security threats.
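
What the Referer check in the wp-comments-post.php snippet above accepts and rejects, as an added example that is not part of the original post or the scanner's output. The host name, the sample Referer values and the `strict_check` helper are constructed for illustration, and the host is assumed to carry no port.

```php
<?php
// Added example: not from the post or the scanner. All sample values are constructed.

// Pattern built with the same steps as the posted wp-comments-post.php snippet.
function posted_pattern(string $host): string
{
    $server_name = str_replace('.', '\.', $host);
    $server_name = str_replace('/', '\/', $server_name);
    return "/^((http(s)?):\/\/)?(www.)?$server_name/";
}

// Posted behaviour: the request dies on a missing or non-matching Referer.
function posted_check(?string $referer, string $host): bool
{
    return $referer !== null && preg_match(posted_pattern($host), $referer) === 1;
}

// Hypothetical stricter variant: compare the parsed host for equality.
function strict_check(?string $referer, string $host): bool
{
    if ($referer === null) {
        return false;
    }
    $ref_host = parse_url($referer, PHP_URL_HOST);
    if (!is_string($ref_host)) {
        return false; // no scheme or unparsable value
    }
    $ref_host = strtolower($ref_host);
    $host = strtolower($host);
    return $ref_host === $host || $ref_host === 'www.' . $host;
}

$host = 'blog.example.test'; // constructed stand-in for $_SERVER["HTTP_HOST"]
$samples = [
    null,                                            // header absent
    'https://blog.example.test/2013/a-post/',        // same site
    'http://www.blog.example.test/a-post/',          // same site with www.
    'https://other.example.net/',                    // different site
    'https://blog.example.test.other.example.net/',  // site name used as a prefix
];

foreach ($samples as $referer) {
    printf("%-46s posted=%-5s strict=%s\n",
        $referer ?? '(no Referer header)',
        var_export(posted_check($referer, $host), true),
        var_export(strict_check($referer, $host), true));
}
```

The last sample passes the posted pattern because the pattern is anchored only at the start of the value. The Referer header is supplied by the client, so either check filters requests rather than authenticating them.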