IMPORTANT FOR THE DEVELOPER – SECURITY EXPLOIT

Viewing 1 replies (of 1 total)
  • Plugin Author FireStorm Plugins

    (@wfernley)

    Hello, what version were you running when you were hacked? Have you upgraded to the latest version?

    The link says this exploit is for version 2.06.08 however I don’t see how this is possible. That version includes a check (which is also displayed on that link) that checks to make sure the ID is numeric. If they try to inject any text to exploit/hack your website, it stops the page from loading as a security feature. There is also a secondary check to watch for any SQL injections in the plugin where the user tries to access the wp_users cell.

    In a nutshell, if running version 2.06.08, this hack should not work.

    Hope that helps!

    Wes

Viewing 1 replies (of 1 total)
  • The topic ‘IMPORTANT FOR THE DEVELOPER – SECURITY EXPLOIT’ is closed to new replies.