WP Security Flaws

Please read carefully.

Once a user has level 4, he/she can post native PHP code in the template files…

Security concerns anyone?
Any user ever tried adding

echo $passsql;

to your index.php?

wp-config.php vars are “global”…

Until this security flaw is fixed, I am afraid users beyond level 4 are right out of the question. I am sure admins with some basic security understanding will agree here.

WP as it is now is a SINGLE-user system, with a majorly flawed user and templating system that is far too exploitable and insecure to warrant allowing multiple users at level 4+.

If you are running WP for yourself, this will not concern you. If you want a community to use WP and its user level system, you really need to be VERY careful about whom to promote to level 4 and beyond.

While I have not searched the boards or wiki for specific warnings about this, I felt I had to post it here nonetheless.

This is meant as constructive feedback, and please do not read anything else into it. WP has some severe security flaws which need to be attended to, esp. in the light of future multi-user ability.
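An audit for the exposure described in the post above, as an added example that is not part of the original post: it collects the variables a wp-config.php assigns and reports every line of PHP in a template that references one of them. Only `$passsql` comes from the post; the other variable names, the sample file contents and the function names are constructed assumptions.

```python
import re

# Constructed sample config. Only $passsql is named in the post; the other
# variable names are assumptions for illustration.
SAMPLE_CONFIG = """<?php
$server = 'localhost';
$loginsql = 'wpuser';
$passsql = 'example-password';
$base = 'wordpress';
?>"""

# Constructed sample template (index.php) edited by a level 4 user.
SAMPLE_TEMPLATE = """<html><body>
<?php echo $blogname; ?>
<!-- $passsql mentioned in HTML is inert -->
<?php
  // harmless comment
  echo $passsql;
?>
</body></html>"""

ASSIGN = re.compile(r"^\s*\$([A-Za-z_]\w*)\s*=", re.M)
# A PHP block runs from "<?" or "<?php" to "?>" or to end of file.
PHP_BLOCK = re.compile(r"<\?(?:php)?(.*?)(?:\?>|\Z)", re.S)
# Matches both $name and $GLOBALS['name'].
VAR_REF = re.compile(r"""\$(?:GLOBALS\[['"])?([A-Za-z_]\w*)""")

def config_globals(config_src):
    """Names of variables assigned at the start of a line in the config."""
    return set(ASSIGN.findall(config_src))

def find_config_refs(template_src, names):
    """Return (line_number, variable, source_line) for each reference to a
    config variable inside executable PHP; text outside <? ?> is ignored."""
    hits = []
    for block in PHP_BLOCK.finditer(template_src):
        first_line = template_src.count("\n", 0, block.start(1)) + 1
        for offset, line in enumerate(block.group(1).split("\n")):
            for var in VAR_REF.findall(line):
                if var in names:
                    hits.append((first_line + offset, var, line.strip()))
    return hits

if __name__ == "__main__":
    for hit in find_config_refs(SAMPLE_TEMPLATE, config_globals(SAMPLE_CONFIG)):
        print("line %d references $%s: %s" % hit)
```

The match is textual, so a PHP comment that names a config variable is also reported, and indirect access such as variable variables is not detected; a hit is a prompt for manual review of who edited the template.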
