[wp-hackers] Security alert for WP

Lorelle VanFossen lorelle at cameraontheroad.com
Wed Aug 10 13:41:12 GMT 2005

Me no expert, just passing on info.

Security Issue: http://secunia.com/advisories/16386/
WordPress Forum first post: http://wordpress.org/support/topic/41464

DrBacchus says: Nobody should have register_globals enabled. Yes, it's 
icky and the bug should be fixed, but the responsibility also lies with 
the server admin. register_globals is the devil.
    relle    DrBacchus: could a plugin turn on the globals?
DrBacchus    relle: it can be turned on in a .htaccess file, so, 
presumably a plugin could do that.

Fix: In .htaccess add a line for php_flag register_globals off


More information about the wp-hackers mailing list