Closed SolomonFoskaay closed 1 year ago
@julien51 I am interested in helping work on fixing this issue and would like to know what bounty price is attached to fixing it.
Thanks!
Great find @SolomonFoskaay! I think this is fixed in https://github.com/unlock-protocol/unlock-wordpress-plugin/pull/64
The Unlock Protocol wp plugin folders and files are exposed and should be patched as soon as possible to ensure this does not get exploited or used as a way to breach users' entire wp.
Due to the plugin folders/files not being protected within the plugin itself from direct browser access by default, they only get protected on some hosting which restricts direct browser link access to plugin files, but not all hosts do that by default - see the video below for comparison:
https://user-images.githubusercontent.com/83863629/221138385-94e7bab4-5957-4919-a00f-47ee6a61f50f.mp4
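
Added example, not part of the original issue or the plugin's own code: a small audit that walks a plugin directory and reports PHP files and folders that carry no in-plugin protection against direct browser access. It assumes the usual WordPress conventions (an `ABSPATH`/`WPINC` guard at the top of each PHP file and an index placeholder in each directory); the thread does not say which protection the linked fix used, and the function names and sample tree are constructed for illustration.

```python
import os
import re
import tempfile

# Matches `defined( 'ABSPATH' ) || exit;` and `if ( ! defined( 'ABSPATH' ) ) exit;`
GUARD = re.compile(r"defined\s*\(\s*['\"](ABSPATH|WPINC)['\"]\s*\)")
INDEX_NAMES = {"index.php", "index.html", "index.htm"}


def audit_plugin(root):
    """Return (unguarded_php_files, dirs_without_index) as sorted relative paths."""
    unguarded, unindexed = [], []
    for dirpath, _dirnames, filenames in os.walk(root):
        if not INDEX_NAMES & {f.lower() for f in filenames}:
            unindexed.append(os.path.relpath(dirpath, root))
        for name in filenames:
            if not name.lower().endswith(".php"):
                continue
            path = os.path.join(dirpath, name)
            with open(path, encoding="utf-8", errors="replace") as fh:
                head = fh.read(4096)  # the guard belongs at the top of the file
            # A placeholder holding only comments executes nothing: no guard needed
            code = re.sub(r"<\?php|//[^\n]*|/\*[\s\S]*?\*/|\s", "", head)
            if code and not GUARD.search(head):
                unguarded.append(os.path.relpath(path, root))
    return sorted(unguarded), sorted(unindexed)


def build_sample_tree(root):
    """Write a constructed sample layout (not the real plugin's files)."""
    files = {
        "plugin.php": "<?php\ndefined( 'ABSPATH' ) || exit;\nadd_action( 'init', 'demo' );\n",
        "index.php": "<?php\n// Silence is golden.\n",
        "src/helper.php": "<?php\nfunction helper() { return 1; }\n",
        "src/assets/app.js": "console.log('ok');\n",
    }
    for rel, text in files.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(text)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        print(audit_plugin(tmp))
```

Run against a checked-out plugin directory, `audit_plugin` gives a list to review before release, so protection does not depend on how a particular host is configured.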