Plugin Author
WPKube
(@wpkube)
Hi @askel45
We’re not aware of any issues at the moment, so it’s most likely false positives since CodeRisks works by scanning the code and marking what it assumes as a risk.
But we’ll verify as plugin owners and see their reports. Will notify you of what we find out.
Plugin Author
WPKube
(@wpkube)
Hi @askel45
It reports a low severity issue.
It’s due to the usage of PHP mail function (which is used if the “Use PHP’s mail() instead of WP’s wp_mail()” option in the plugin settings is enabled).
It reports that the $_POST data used in mail() is not sanitized. It is sanitized, so no need to worry about it.
And I’m assuming you don’t have the option I mentioned enabled, it’s only if for some reason wp_mail() does not work which isn’t often. So that part of the code isn’t executed at all.
Thread Starter
Karis
(@askel45)
Thanks for the explanation. I don’t have the option enabled either way. Cheers!