• Resolved korvak

    (@korvak)


    Sometimes, plugins for PHP snippets can cause vulnerabilities and infections of the site because they use eval() functions.

    Does your plugin use eval() functions or does it create php files and include them?

Viewing 1 replies (of 1 total)
  • Plugin Author Shea Bunge

    (@bungeshea)

    Currently, it does use the eval method. We are looking at switching to a file-based method at some point in the future.

    However, it is worth noting that the possibility of causing vulnerabilities and infections is the same regardless of method. If you are allowing PHP code to be created and executed on a site by users, then those users have the potential to introduce vulnerabilities and infections if they are acting maliciously or simply make a mistake.

  • The topic ‘Question about plugin security’ is closed to new replies.