Nov 24 2004
I have just been playing around with my own website to see what I can and can’t do as a general “Joe Public” user. It turns out that, with the basic installation of the ImageManager plugin that is available for the WordPress blogging system, it is possible for anyone to upload, edit or even delete pictures from the server.
I haven’t played enough to see if it is possible to run malicious code on the server yet… but I’m sure it wouldn’t be that difficult.
Needless to say I have disabled the plugin on this blog, so don’t even try it!!!!