[wp-forums] jetpack exposes css-optimiser form
Michael Atkins
michael at cubecolour.co.uk
Thu Jan 3 05:40:40 UTC 2013
Adonis Nafeh has flagged up a concern he has with Jetpack
http://wordpress.org/support/topic/vulnerability-possible-vulnerability-in-jetpack-custom-css
I tried to reach the css_optimiser.php page he mentioned in one of my own installs & got a 404, however I have since found that even with jetpack not active a non-logged-in user can still load up that page on other sites.
Does this look like it is anything to worry about? or is it a red herring?
Michael
@cubecolour
More information about the wp-forums
mailing list