Home Forums WordPress Plugins Hide My WP bug – admin login key is getting exposed

This topic is: not resolved
Viewing 7 posts - 1 through 7 (of 7 total)
  • Author
    Posts
  • June 6, 2017 at 7:40 pm #16443
    ams13
    Pro
    Post count: 47

    Hi

    I have just found a bug.

    If I change the custom New upload path to /file, and I reference to a file name that does not exists in the directory, the admin login key is exposed e.g

    http://www.example.com/file/test.pdf redirects to http://www.example.com/wp-content/uploads/test.pdf?hide_my_wp=1234

    Thus anyone can find out what the admin login key is.

    Please test and let me know.

    Thanks

    June 6, 2017 at 7:42 pm #16444
    ams13
    Pro
    Post count: 47
    This reply has been marked as private.
    June 7, 2017 at 5:23 am #16447
    Suman M.
    Post count: 12478

    Hi, we checked in our demo site and it’s not happening there (http://hide-my-wp.wpwave.com/).

    Can you please let us know your website’s wp-admin login details (as private reply), so that we can look into the issue further.

    June 7, 2017 at 10:42 am #16449
    ams13
    Pro
    Post count: 47
    This reply has been marked as private.
    June 8, 2017 at 5:12 am #16454
    Suman M.
    Post count: 12478
    This reply has been marked as private.
    June 8, 2017 at 12:16 pm #16464
    ams13
    Pro
    Post count: 47
    This reply has been marked as private.
    June 9, 2017 at 4:44 am #16476
    Suman M.
    Post count: 12478

    I have moved Eini’s post (should have created a new topic).

    Let us know if you have any other issue.

  • Author
    Posts
Viewing 7 posts - 1 through 7 (of 7 total)

You must be logged in to reply to this topic.