Snoopy PHP Webclient Security

There is a security advisory out regarding a Snoopy PHP Webclient vulnerability. Since WordPress uses Snoopy internally, we immediately double-checked to be sure that WP isn’t affected. It’s not.

WordPress uses Snoopy internally to fetch RSS feeds for display in the
Dashboard. But by default, all the URLs are hardcoded, and thus not vulnerable to the bug mentioned above. The only way that a WordPress site could be affected is if it had some sort of plugin that allowed users to supply custom feed URLs to the system, and the site had users that the admin could not trust (and who had enough access to provide their own feeds to the plugin).

Other Posts of Interest

This entry was written by Dougal, posted on 10/26/2005 at 5:30 pm, filed under Security, WordPress and tagged , , , , , . Bookmark the permalink. Follow any comments here with the RSS feed for this post. Post a comment or leave a trackback: Trackback URL.

2 Comments

  1. Ozzie
    Posted 10/27/2005 at 12:11 am | Permalink

    Well thanks for the headsup Doug ;)

  2. Mega ??????
    Posted 6/15/2008 at 4:12 am | Permalink

    I’m using Snoopy. It’s good stuff.

One Trackback

  1. By It’s News to Me » geek ramblings » Snoopy PHP Webclient Security on 10/27/2005 at 6:40 am

    [...] geek ramblings » Snoopy PHP Webclient Security There is a security advisory out regarding a Snoopy PHP Webclient vulnerability. Since WordPress uses Snoopy internally, we immediately double-checked to be sure that WP isn’t affected. It’s not. [...]

Post a Comment

Your email is never published nor shared.