• While this plugin may appear to work well, after reviewing the code I have found several critical flaws (SQL INJECTION):

    1. get_tax_attribute of variation-swatches-for-woocommerce.php line 117
        • Not using prepared statements.
        • Possible SQL injection.
    2. save_term_meta of class-admin.php line 175
        • Blindly updates term meta on anything that matches ‘image’, ‘color’, or ‘label’ in POST data.
    • This topic was modified 5 years, 11 months ago by garrettseward.
  • The topic ‘Insecure and poorly written’ is closed to new replies.
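
The two patterns flagged in the post above, written in hardened form as an added example; this is not the plugin's code or the poster's. It assumes a WordPress runtime with WooCommerce's attribute taxonomy table, and the `example_*` function names, the nonce field and action, and the expected value type for each key are hypothetical.

```php
<?php
// Added example, not the plugin's code. Function names, the nonce field/action
// and the per-key value types are assumptions made for illustration.

/** Look up a WooCommerce attribute row by taxonomy name using a bound parameter. */
function example_get_tax_attribute( $taxonomy ) {
    global $wpdb;
    // Strip the "pa_" prefix WooCommerce puts on attribute taxonomies.
    $name = ( 0 === strpos( $taxonomy, 'pa_' ) ) ? substr( $taxonomy, 3 ) : $taxonomy;
    // %s is escaped and quoted by prepare(); the value is never concatenated into the SQL.
    return $wpdb->get_row(
        $wpdb->prepare(
            "SELECT * FROM {$wpdb->prefix}woocommerce_attribute_taxonomies WHERE attribute_name = %s",
            $name
        )
    );
}

/** Save swatch term meta only for an authorised, nonce-verified request. */
function example_save_term_meta( $term_id ) {
    // Reject requests that did not come from the term edit form (CSRF check).
    if ( ! isset( $_POST['example_swatch_nonce'] )
        || ! wp_verify_nonce( sanitize_key( wp_unslash( $_POST['example_swatch_nonce'] ) ), 'example_save_swatch' ) ) {
        return;
    }
    // Reject users who may not edit this term.
    if ( ! current_user_can( 'edit_term', $term_id ) ) {
        return;
    }
    // One sanitizer per expected key; anything else in POST is ignored.
    $sanitizers = array(
        'image' => 'absint',              // assumed to hold an attachment ID
        'color' => 'sanitize_hex_color',  // "#rgb" / "#rrggbb", otherwise null
        'label' => 'sanitize_text_field', // plain text, tags stripped
    );
    foreach ( $sanitizers as $key => $sanitize ) {
        if ( ! isset( $_POST[ $key ] ) || ! is_scalar( $_POST[ $key ] ) ) {
            continue;
        }
        $value = call_user_func( $sanitize, wp_unslash( $_POST[ $key ] ) );
        // Skip values the sanitizer rejected outright.
        if ( null !== $value && '' !== $value ) {
            update_term_meta( $term_id, $key, $value );
        }
    }
}
```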