Link manager exploit?
|Reported by:||cbdilger||Owned by:||pishmishy|
I think someone has found a way to add links using /wp-admin/link-add.php without authentication -- today I found a new link (spam, of course, of the casino variety) and three accesses to the above address from one IP address.
I deleted the link, but I would not be surprised to see it return...
Let me know if I can provide more information; I have shell access to the machine in question (hosted on Dreamhost). I'm running WP 2.2. Thanks.
Change History (30)
- Owner changed from anonymous to pishmishy
- Status changed from new to assigned
comment:5 foolswisdom — 6 years ago
- Milestone 2.4 (future) deleted
- Resolution set to invalid
- Status changed from assigned to closed
comment:17 Nazgul — 6 years ago
- Milestone changed from 2.3.1 to 2.0.12
- Resolution fixed deleted
- Status changed from closed to reopened