[wp-hackers] Security Vulnerability found - Forum Post

Mark Jaquith mark.wordpress at txfx.net
Wed Apr 13 21:05:17 GMT 2005


Scott Reilly wrote:

>I believe user_level of 5 or higher is required to edit a plugin via
>the plugin editor, so this particular approach probably isn't
>exploitable.
>
>On 4/13/05, Mark Jaquith <mark.wordpress at txfx.net> wrote:
>
>>They could still just edit a plugin with code that would spit out the
>>contents of wp-config.php and then they would have full access to your
>>database.
>>
With level 1 access you can get the cookie for the higher-level users, 
and then you could log in as the higher-level user and run whatever PHP 
code you wanted.

