S
S
Sergey Altman2015-10-20 20:06:43
Burglary protection
Sergey Altman, 2015-10-20 20:06:43

Is it possible to hack through a disabled wordpress plugin?

Is it enough to disable the vulnerable Wordpress plugin and wait for the update? Can't a site be hacked even through a disabled plugin?

Answer the question

In order to leave comments, you need to log in

2 answer(s)
M
Maxim E, 2015-10-21
@altman

If the plugin contains the "necessary" code, you can easily go through all the files, find out the contents of wp-config, get access to the database from there, etc.
And you can request such a "correct" file directly site.ru/wp-content/plugins/plugin-shell.php and there will be no difference whether it is enabled or not.

N
Neocaridina, 2015-10-20
@Neocaridina

Rename the disabled plugin folder.

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question