Database Back-up Plugin Security Issue
August 15th, 2006
Skippy reported in the WP forums that a security vulnerabilty had been found in the database back-up plugin. Subsequently, in the same thread, he posted back with a fix that had been “cooked up” by Ryan. At root the plugin could exploit a “directory traversal vulnerability”, if done by someone with admin privileges. Which, no one should be giving admin privileges to someone they don’t trust.
That said, an updated version can be downloaded here.
Kudos to Skippy for bringing this public as soon as he was aware, and kudos to the team for getting a quick fix to a popular plugin that’s bundled with the download.
Though many are capable of doing manual backups, the automatic backup is a handy feature, and one that can easily save some headache and time for those that have multiple blogs, or are just plain lazy like this blogger.
Leave a comment