Title: polysandy's Replies | WordPress.org

---

# polysandy

  [  ](https://wordpress.org/support/users/polysandy/)

 *   [Profile](https://wordpress.org/support/users/polysandy/)
 *   [Topics Started](https://wordpress.org/support/users/polysandy/topics/)
 *   [Replies Created](https://wordpress.org/support/users/polysandy/replies/)
 *   [Reviews Written](https://wordpress.org/support/users/polysandy/reviews/)
 *   [Topics Replied To](https://wordpress.org/support/users/polysandy/replied-to/)
 *   [Engagements](https://wordpress.org/support/users/polysandy/engagements/)
 *   [Favorites](https://wordpress.org/support/users/polysandy/favorites/)

 Search replies:

## Forum Replies Created

Viewing 5 replies - 1 through 5 (of 5 total)

 *   Forum: [Requests and Feedback](https://wordpress.org/support/forum/requests-and-feedback/)
   
   In reply to: [WordPress file upload vulnerability](https://wordpress.org/support/topic/wordpress-file-upload-vulnerability/)
 *  Thread Starter [polysandy](https://wordpress.org/support/users/polysandy/)
 * (@polysandy)
 * [8 years, 9 months ago](https://wordpress.org/support/topic/wordpress-file-upload-vulnerability/#post-9542249)
 * Ok let me come up with a plugin for this 🙂
 *   Forum: [Requests and Feedback](https://wordpress.org/support/forum/requests-and-feedback/)
   
   In reply to: [WordPress file upload vulnerability](https://wordpress.org/support/topic/wordpress-file-upload-vulnerability/)
 *  Thread Starter [polysandy](https://wordpress.org/support/users/polysandy/)
 * (@polysandy)
 * [8 years, 9 months ago](https://wordpress.org/support/topic/wordpress-file-upload-vulnerability/#post-9541894)
 * I am not satisfied and there is not too much code for this. A simple code:-
 * $finfo = finfo_open();
    $mimeType = finfo_file($finfo, $fileTmpName, FILEINFO_MIME_TYPE);
   finfo_close($finfo);
 * Will do the trick. It will check the exact mime type
 *   Forum: [Requests and Feedback](https://wordpress.org/support/forum/requests-and-feedback/)
   
   In reply to: [WordPress file upload vulnerability](https://wordpress.org/support/topic/wordpress-file-upload-vulnerability/)
 *  Thread Starter [polysandy](https://wordpress.org/support/users/polysandy/)
 * (@polysandy)
 * [8 years, 9 months ago](https://wordpress.org/support/topic/wordpress-file-upload-vulnerability/#post-9541336)
 * Well in my view WordPress should check the content rather than mime type. I have
   renamed a file from exe to jpg and it got uploaded. Being such a popular CMS,
   it should implement this security feature
 *   Forum: [Requests and Feedback](https://wordpress.org/support/forum/requests-and-feedback/)
   
   In reply to: [WordPress file upload vulnerability](https://wordpress.org/support/topic/wordpress-file-upload-vulnerability/)
 *  Thread Starter [polysandy](https://wordpress.org/support/users/polysandy/)
 * (@polysandy)
 * [8 years, 9 months ago](https://wordpress.org/support/topic/wordpress-file-upload-vulnerability/#post-9541092)
 * This upload insecurity presents a high risk to the business since an attacker
   with physical access to the victim’s system can upload malicious contents into
   the application.
 *   Forum: [Requests and Feedback](https://wordpress.org/support/forum/requests-and-feedback/)
   
   In reply to: [WordPress file upload vulnerability](https://wordpress.org/support/topic/wordpress-file-upload-vulnerability/)
 *  Thread Starter [polysandy](https://wordpress.org/support/users/polysandy/)
 * (@polysandy)
 * [8 years, 9 months ago](https://wordpress.org/support/topic/wordpress-file-upload-vulnerability/#post-9539812)
 * You can upload the file by just renaming something.exe to something.exe.jpg

Viewing 5 replies - 1 through 5 (of 5 total)