Elliot, in the last week I’ve noticed frequent 404 errors from bots scanning for /wp-content/plugins/advanced-custom-fields/core/actions/export.php
My only site using ACF is still in development and not public so I don’t know what’ll happen when the bot finds the plugin.
I know you recently updated export.php to shut down public access to it but it looks like someone thinks it’s worth sniffing for. It’s fair to guess they have an exploit in mind for it. May be worth getting the word out to encourage updating and double checking that there’s not an extant vulnerability in the current version.
Love the plugin BTW
Hi @sydatbliz
Thanks for the info.
The file in question contains the code:
// Exit if accessed directly
if ( !defined( 'ABSPATH' ) ) exit;
So this would shut down any unauthorized usage of the file.
Please note that ACF5 does not contain a PHP export function, so perhaps this will not be an issue in the near future.
Thanks again, but I wouldn’t worry too much about the sniffing.
Thanks
E
