Greenguy's Board - View Single Post

cd34 · 2009-05-03, 03:55 PM

I suspected the same on a client's site that runs multiple wordpress installations that has used multiple free templates. In 5 of the cases, the templates included code in the header.php and sidebar.php that allowed specially crafted strings to allow remote execution. We weren't able to determine whether the modification was made prior to his template being installed or the result of someone having his admin password for a few of the blogs as he didn't have the original template file zips.

2009-05-03, 03:55 PM	#2
cd34 a.k.a. Sparky Join Date: Sep 2004 Location: West Palm Beach, FL, USA Posts: 2,396	I suspected the same on a client's site that runs multiple wordpress installations that has used multiple free templates. In 5 of the cases, the templates included code in the header.php and sidebar.php that allowed specially crafted strings to allow remote execution. We weren't able to determine whether the modification was made prior to his template being installed or the result of someone having his admin password for a few of the blogs as he didn't have the original template file zips. __________________ SnapReplay.com a different way to share photos - iPhone & Android