Skip to:
Content
Pages
Categories
Search
Top
Bottom

Re: THEME UPLOADER?

Ah I see – you’d like to add a theme editor to bbPress?

The Theme editor is what I mentioned earlier as a huge existing potential security hole in WordPress. It seemed to be a major attack vector in the recent Bablooo spammer attack, which hit one of my sites; it allowed the virus to add spam links to existing posts. If they had wanted to, they could have easily overwritten the posts completely – or even deleted them.

I would highly encourage you to delete the theme editor file from any existing WordPress installs… at least until WordPress has diagnosed the vulnerability and if appropriate, issued a patch.

But if you feel safe behind your firewall… I suppose you could pay a developer to build a plugin which lets Adminstrators and above write to your file system using the bbPress admin. There’s definitely no existing bbPress plugin that I’m aware of! Maybe WordPress’s code could be ported…

Good luck!

Skip to toolbar