[wp-hackers] Possible vulnerability with the plugin system

Andy Skelton skeltoac at gmail.com
Fri Nov 30 18:56:58 GMT 2007


On Nov 30, 2007 12:34 PM, John Blackbourn <johnbillion+wp at gmail.com> wrote:
> Does this class as a vulnerability?

No.

It makes little sense for a plugin to do anything rash simply by
including a file and this is not a design pattern I have seen in the
wild.

You bring up an excellent point: WordPress should not include a file
indicated by a URL query string that has not been specified in an
add_submenu_page call. Please submit a bug report and a patch if you
are prepared to write one.

Cheers,
Andy
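
The allowlist check suggested above, as an added sketch that is not part of the original message and is not WordPress core code. The function names `demo_register_page` and `demo_resolve_page`, the plugin directory layout and the sample file names are assumptions made for illustration; `demo_register_page` stands in for whatever an add_submenu_page call would record.

```php
<?php
// Added illustration, not WordPress core code. All names are hypothetical.

$demo_registered_pages = array();   // allowlist keyed by resolved file path

// Stand-in for the bookkeeping an add_submenu_page call would do: record
// the plugin file that a menu entry is allowed to load.
function demo_register_page($plugin_dir, $file) {
    global $demo_registered_pages;
    $base = realpath($plugin_dir);
    $real = realpath($plugin_dir . '/' . $file);
    // Only accept files that exist and resolve inside the plugin directory.
    if ($base === false || $real === false
        || strpos($real, $base . DIRECTORY_SEPARATOR) !== 0) {
        return false;
    }
    $demo_registered_pages[$real] = true;
    return true;
}

// Map the value taken from the query string to a file to include.
// Returns null unless that exact file was registered beforehand.
function demo_resolve_page($plugin_dir, $requested) {
    global $demo_registered_pages;
    if (!is_string($requested) || $requested === ''
        || strpos($requested, "\0") !== false) {
        return null;
    }
    $real = realpath($plugin_dir . '/' . $requested);
    if ($real === false || !isset($demo_registered_pages[$real])) {
        return null;
    }
    return $real;
}

// Constructed sample data: a temporary plugin directory with two files,
// only one of which is registered as a menu page.
$dir = sys_get_temp_dir() . '/demo-plugins-' . getmypid();
@mkdir($dir . '/example', 0700, true);
file_put_contents($dir . '/example/settings.php', "<?php echo 'settings';\n");
file_put_contents($dir . '/example/install.php', "<?php echo 'setup';\n");
demo_register_page($dir, 'example/settings.php');

foreach (array('example/settings.php', 'example/install.php', '../outside.php') as $page) {
    $path = demo_resolve_page($dir, $page);
    echo $page, ' => ', ($path === null ? 'rejected' : 'include ' . $path), "\n";
}
```

Comparing resolved paths rather than raw strings means an equivalent spelling of a registered file is still accepted, while an unregistered file in the same plugin directory is refused even though it exists.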

