Home Forums Feedback Bots scanning for vulnerability in export.php

Bots scanning for vulnerability in export.php

  • Elliot, in the last week I’ve noticed frequent 404 errors from bots scanning for /wp-content/plugins/advanced-custom-fields/core/actions/export.php

    My only site using ACF is still in development and not public so I don’t know what’ll happen when the bot finds the plugin.

    I know you recently updated export.php to shut down public access to it but it looks like someone thinks it’s worth sniffing for. It’s fair to guess they have an exploit in mind for it. May be worth getting the word out to encourage updating and double checking that there’s not an extant vulnerability in the current version.

    Love the plugin BTW

  • Hi @sydatbliz

    Thanks for the info.
    The file in question contains the code:

    // Exit if accessed directly
    if ( !defined( 'ABSPATH' ) ) exit;

    So this would shut down any unauthorized usage of the file.

    Please note that ACF5 does not contain a PHP export function, so perhaps this will not be an issue in the near future.

    Thanks again, but I wouldn’t worry too much about the sniffing.


Viewing 2 posts - 1 through 2 (of 2 total)

The topic ‘Bots scanning for vulnerability in export.php’ is closed to new replies.