Snoopy PHP Webclient Security

Oct262005

There is a security advisory out regarding a Snoopy PHP Webclient vulnerability. Since WordPress uses Snoopy internally, we immediately double-checked to be sure that WP isn’t affected. It’s not.

WordPress uses Snoopy internally to fetch RSS feeds for display in the
Dashboard. But by default, all the URLs are hardcoded, and thus not vulnerable to the bug mentioned above. The only way that a WordPress site could be affected is if it had some sort of plugin that allowed users to supply custom feed URLs to the system, and the site had users that the admin could not trust (and who had enough access to provide their own feeds to the plugin).

About Dougal Campbell

Dougal is a web developer, and a "Developer Emeritus" for the WordPress platform. When he's not coding PHP, Perl, CSS, JavaScript, or whatnot, he spends time with his wife, three children, a dog, and a cat in their Atlanta area home.

View all posts by Dougal Campbell →

This entry was posted in Security, WordPress and tagged Feeds, PHP, plugin, Programming, RSS, WordPress. Bookmark the permalink.

3 Responses to Snoopy PHP Webclient Security

Pingback: It’s News to Me » geek ramblings Â» Snoopy PHP Webclient Security

Dougal Campbell's geek ramblings