exploit not fixed in 2.3
-
https://wpvulndb.com/vulnerabilities/7898 see this page that says it was fixed in 2.3. I don’t think so as I am finding phantom folders via webmaster tools. fdx-index which I 410 and then fdx-content was added recently so there is an on going hole that was started by your plugin as far as I can tell. I have traced wp mobile edition to a transient attached to a security plugin using phpmyadmin. This transient was not a problem until I tried your plugin. I have deleted the security plugin and cleaned the db. But the transient is back after a reinstall of the security plugin. I have also notified that developer.
I suggest you might want to review your code for a stored XSS some where that hooks onto a transient.
- The topic ‘exploit not fixed in 2.3’ is closed to new replies.
