• Resolved Alexandru Negoita

    (@kulsite)


    Hi,
    I just tested the plugin through WordPress standards and it seems that there are issues that need to be fixed.
    There are unescaped values in the plugin which can pose a threat to the site security, even when the plugin is only used in admin interface.
    For example:
    $where[] .= '`object_type = \'' . $type . '\'';

    Combined with _roles values, which can also have a lot of various data, it could potentially lead to escalated privileges.
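As an added illustration (not code from the plugin or from either poster), the concatenation pattern described above beside the prepared-statement form WordPress core provides; the function names, the table name and the request parameter names are assumptions for the example, and it expects to run inside WordPress where `$wpdb` and the sanitization helpers are loaded.

```php
<?php
// Added example, not the plugin's own code. Assumes WordPress has loaded ($wpdb is set).

// Vulnerable pattern: the filter value is concatenated straight into the SQL string.
// A value containing a single quote alters the structure of the WHERE clause, so the
// caller, not the database, ends up deciding what the query means.
function example_build_where_unsafe( $type ) {
    $where   = array();
    $where[] = '`object_type` = \'' . $type . '\'';
    return 'WHERE ' . implode( ' AND ', $where );
}

// Hardened form: every caller-supplied value is bound through $wpdb->prepare(),
// which escapes it for the %s placeholder; the SQL text itself never contains input.
function example_get_rows_safe( $type, $role ) {
    global $wpdb;
    $table = $wpdb->prefix . 'example_activity_log'; // assumed table name
    $sql   = $wpdb->prepare(
        "SELECT * FROM {$table} WHERE `object_type` = %s AND `user_role` = %s",
        $type,
        $role
    );
    return $wpdb->get_results( $sql, ARRAY_A );
}

// Hypothetical request handler: check capability first (an admin-only screen must
// enforce that itself), sanitize the request values, then pass them to the safe query.
function example_handle_request() {
    if ( ! current_user_can( 'manage_options' ) ) {
        return array();
    }
    $type = isset( $_GET['object_type'] ) ? sanitize_text_field( wp_unslash( $_GET['object_type'] ) ) : '';
    $role = isset( $_GET['role'] ) ? sanitize_key( $_GET['role'] ) : '';
    return example_get_rows_safe( $type, $role );
}
```

Sanitization narrows what reaches the query, but the escaping that actually protects the SQL is done by `$wpdb->prepare()`, so both steps belong in the fix.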

Viewing 1 replies (of 1 total)
  • Plugin Author ArielK

    (@arielk-1)

    Hi @kulsite,

    Thank you for researching our plugin!

    To better serve the researcher community, we’re running a managed public Bug Bounty program on Patchstack: https://patchstack.com/database/wordpress/plugin/aryo-activity-log

    Please open a Patchstack account if you don’t already have one, join our program and submit your findings.

    The program contains all the information you’ll need in order to submit a report.

    Best regards,


The topic ‘Please improve plugin security’ is closed to new replies.