[wp-trac] [WordPress Trac] #26273: Deactivated plugins and themes should not execute
WordPress Trac
noreply at wordpress.org
Sat Jul 26 08:54:40 UTC 2014
#26273: Deactivated plugins and themes should not execute
----------------------------+------------------------------
Reporter: kirrus | Owner:
Type: enhancement | Status: reopened
Priority: normal | Milestone: Awaiting Review
Component: Administration | Version:
Severity: normal | Resolution:
Keywords: | Focuses:
----------------------------+------------------------------
Comment (by jsimone):
Here's a nice anecdote to add. My site was hacked recently (hence my
interest in this subject). It appears certain that the MailPoet extension
which I use was the cause.
[http://www.itpro.co.uk/security/22774/50000-sites-hit-by-mailpoet-
wordpress-plug-in-security-flaw| This article] claims that this exact
vulnerability could be exploited '''''without having the plugin
enabled'''''. What a coincidence... That fact may be a large part of why
this exploit has reportedly affected so many, and why WordPress will again
get a lot of the wrong kind of attention.
http://www.itpro.co.uk/security/22774/50000-sites-hit-by-mailpoet-
wordpress-plug-in-security-flaw
--
Ticket URL: <https://core.trac.wordpress.org/ticket/26273#comment:18>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list