[wp-hackers] FW: [Full-disclosure] different Wordpress
if.website at gmail.com
Sun Feb 11 23:27:58 GMT 2007
On 2/11/07, Jeremy Visser <jeremy.visser at gmail.com> wrote:
> > - directory traversal in the wp-backup plugin allows you to download
> > etc/passwd file (i hope this hasnt been found before, I didnt check
> > it) http://mybeni.rootzilla.de/mybeNi/blog/2/
> This is old. http://security.nnov.ru/Ndocument899.html
> Plus, the plugin is not included in WordPress 2.1 and later.
I think it was fixed in version 1.8 of wp-db-backup.
More information about the wp-hackers