undetected links within theme files | WordPress.org

intimez
(@intimez)

13 years, 2 months ago

If a theme includes a file that is hosted on another domain, it is not being detected. I found this out only when seeing odd load and photo not being displayed.

-png file embeded in theme option section
-java script widget from third party

I believe plugin only look for “a href” but suggest that it searches for all URLs.

http://wordpress.org/extend/plugins/tac/

Viewing 1 replies (of 1 total)

romainsimon
(@romainsimon)

12 years, 4 months ago

I found the same thing. TAC developement team should add images check

<?php include (TEMPLATEPATH . '/images/social.png'); ?>

Such a code is not detected as malicious by TAC. It seems to be an image, but when you open it, it contains in fact a Curl request that imports malicious code into your WordPress installation.

Viewing 1 replies (of 1 total)

The topic ‘undetected links within theme files’ is closed to new replies.

1 reply
2 participants
Last reply from: romainsimon
Last activity: 12 years, 4 months ago
Status: not resolved