Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
S
S
Sergey Altman2015-10-20 20:06:43
Burglary protection
Sergey Altman, 2015-10-20 20:06:43

Is it possible to hack through a disabled wordpress plugin?

Is it enough to disable the vulnerable Wordpress plugin and wait for the update? Can't a site be hacked even through a disabled plugin?

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

2 answer(s)
Report
M
Maxim E, 2015-10-21
@altman

If the plugin contains the "necessary" code, you can easily go through all the files, find out the contents of wp-config, get access to the database from there, etc.
And you can request such a "correct" file directly site.ru/wp-content/plugins/plugin-shell.php and there will be no difference whether it is enabled or not.

Report
N
Neocaridina, 2015-10-20
@Neocaridina

Rename the disabled plugin folder.

Similar questions
X
XenTerSeO2015-10-18 20:16:23
How dangerous is it to allow users to upload any files to the server? 1Reply
M
Mikhail Serenkov2018-02-25 13:50:18
Suspicious requests to the server? 5Reply
T
Toopie2018-02-28 10:06:20
How to steal traffic from Wi-Fi sharing on Android? 2Reply
E
Egorian2018-03-11 16:37:43
How are cheats made for games? 4Reply
M
MyRandomName2018-04-03 13:31:36
What are social engineering services? 2Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question