[wp-hackers] Security Vulnerability found - Forum Post

Mark Jaquith mark.wordpress at txfx.net
Wed Apr 13 21:05:17 GMT 2005

Scott Reilly wrote:

>I believe user_level of 5 or higher is required to edit a plugin via
>the plugin editor, so this particular approach probably isn't
>On 4/13/05, Mark Jaquith <mark.wordpress at txfx.net> wrote:
>>They could still just edit a plugin with code that would spit out the
>>contents of wp-config.php and then they would have full access to your
With level 1 access you can get the cookie for the higher level users, 
and then you could log in at the higher level user and run whatever PHP 
code you wanted.

More information about the wp-hackers mailing list