The MU forums have moved to WordPress.org

I could access someone's plugins.php from my wp-admin (3 posts)

  1. Korora
    Member
    Posted 18 years ago #

    Hi.
    Now I'm using Stattraq instead of doc referers. And when I clicked a referer from an wpmu site (http://xxx.xxx.com/wp-admin/plugins.php), I jumped to his(or her) plugins.php on admin page. I was using Opera 8 then, and had opened several wp-admins on my test server with another tabs.

    I guess Opera is a little odd when it handles cookies, because I experienced a lot of session troubles when I logged in WPMU with Opera.

    When I jumped that someone's plugin page my user level was proboubly 0. But it is not confrotable at all that someone can possibly see which plugin you have installed, isn't it? I think this is a security hole.

    Is there possibility to fix this issue?

  2. jaseone
    Inactive
    Posted 18 years ago #

    What level was the user you did this with? I believe admin users should be able to do that for all blogs.

  3. Korora
    Member
    Posted 18 years ago #

    I'm admin user on my wpmu installation, and I see also the adomin user can login all blogs on the same installation. But I mean that I could access from my wp-admin on "my" server to someone elses wp-admin on "another" server in an foreign country. So, it's not the same installation...

About this Topic