Like the blog? Get the book »

Host Header Injection Fix

On certain server setups, WordPress is vulnerable to an email interception attack. Basically WP uses the $_SERVER['SERVER_NAME'] variable for the "From" header in email notifications. On certain systems this can be exploited by an attacker to gain access to your site. This issue has been known about since WP 2.3, but nothing has been done about it. So I decided to write a plugin to fix it up.

© 2009–2020 Digging Into WordPress Powered by WordPress Monzilla Media shapeSpace