• Line 174 of /class-modula-gutenberg.php is not that smart: the nonce check can be bypassed by simply not POSTing a nonce value.

    It’s not strictly a security flaw because there’s no data to be stolen, nor is there an ability to expand the scope. However, I urge you to fix that and check for potential mistakes like that throughout your plugin.

    Line 210 of that same file is also affected but with the same negligible outcome explained above.

    Line 279 of class-modula-upgrades.php has a dangerous unprepared $wpdb call but is not exploitable. Still, I urge preparing that statement, as you did correctly elsewhere, for you might miss that in a refactorization.

    Line 52 of class-modula-wp-core-gallery-importer.php seems harmful under the wrong circumstances. The last time I checked, WordPress sanitizes post-type names, so it shouldn’t be dangerous. Still, I recommend preparing that.

    I hope this helps! Have a nice day
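To picture the two patterns this reply describes, here is an added PHP example that is not the plugin's code: the handler names, the nonce field `modula_nonce`, the action name `modula_action` and the capability are assumptions.

```php
<?php
// Added illustration, not the plugin's actual code. Names below are assumed.

// Weak: verification only runs when the field is present, so a request that
// simply omits the nonce is never rejected.
function weak_handler() {
    if ( isset( $_POST['modula_nonce'] ) && ! wp_verify_nonce( $_POST['modula_nonce'], 'modula_action' ) ) {
        wp_die( 'Invalid nonce', '', array( 'response' => 403 ) );
    }
    // ... privileged work runs here even when no nonce was sent
}

// Fixed: a missing nonce is treated exactly like an invalid one (wp_verify_nonce
// returns false for an empty string), and the capability check stays separate,
// because a nonce is a CSRF token, not an authorization check.
function fixed_handler() {
    $nonce = isset( $_POST['modula_nonce'] ) ? sanitize_text_field( wp_unslash( $_POST['modula_nonce'] ) ) : '';
    if ( ! wp_verify_nonce( $nonce, 'modula_action' ) ) {
        wp_die( 'Invalid nonce', '', array( 'response' => 403 ) );
    }
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions', '', array( 'response' => 403 ) );
    }
    // ... privileged work
}

// The $wpdb point from the reply: a value interpolated straight into SQL versus
// the same query passed through $wpdb->prepare() with a %s placeholder.
function unprepared_count( $post_type ) {
    global $wpdb;
    return $wpdb->get_var( "SELECT COUNT(*) FROM {$wpdb->posts} WHERE post_type = '{$post_type}'" );
}

function prepared_count( $post_type ) {
    global $wpdb;
    return $wpdb->get_var(
        $wpdb->prepare( "SELECT COUNT(*) FROM {$wpdb->posts} WHERE post_type = %s", $post_type )
    );
}
```

A quick audit for the first pattern is to grep the plugin for `isset(` on the same line as `wp_verify_nonce` and confirm each hit rejects the absent case.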

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘Nonce check fail’ is closed to new replies.