I'd already downloaded all the files, so I searched through the root of the WordPress installation using Notepad++, which lets me search across all open files. The only hits I got for the strings mentioned in the evuln instructions were for preg_replace(), and they were the following ones that don't look bad:

Quote:
Line 759: $redirect_to = preg_replace('|^http://|', 'https://', $redirect_to);

Quote:
Line 105: echo '<input name="blogname" type="text" id="blogname" value="'.esc_attr($blogname).'" maxlength="60" /><span class="suffix_address">.' . ( $site_domain = preg_replace( '|^www\.|', '', $current_site->domain ) ) . '</span><br />';
Line 683: $newblogname = isset($_GET['new']) ? strtolower(preg_replace('/^-|-$|[^-a-zA-Z0-9]/', '', $_GET['new'])) : null;


I'll keep looking at the other files, but I'm not finding the things they're telling me to look for and I don't know if I can get the access you guys are talking about. This is a shared server at Network Solutions.


Edited by Dignan (28/10/2014 23:39)
_________________________
Matt