Title: security weakness – eval() Last modified: July 8, 2019 --- # security weakness – eval() * Resolved [nhwebgroup](https://wordpress.org/support/users/nhwebgroup/) * (@nhwebgroup) * [6 years, 11 months ago](https://wordpress.org/support/topic/security-weakness-eval/) * I’ve identified some code in class-fwp-template-tag-base.php and class-fwp-debug. php that could be a potential security weakness. * The function eval called which should be avoided whenever possible. * File Location: /plugins/wp-external-links/libs/fwp/component-bases/class-fwp- template-tag-base.php * File Location: /plugins/wp-external-links/libs/fwp/class-fwp-debug.php plugin Version 2.3 * [https://www.php.net/manual/en/function.eval.php](https://www.php.net/manual/en/function.eval.php) The eval() language construct is very dangerous because it allows execution of arbitrary PHP code. Its use thus is discouraged. If you have carefully verified that there is no other option than to use this construct, pay special attention not to pass any user provided data into it without properly validating it beforehand.— Viewing 4 replies - 1 through 4 (of 4 total) * Plugin Author [WebFactory](https://wordpress.org/support/users/webfactory/) * (@webfactory) * [6 years, 11 months ago](https://wordpress.org/support/topic/security-weakness-eval/#post-11711989) * Hi, we’re looking into this and will update the plugin in a few hours. * Plugin Author [WebFactory](https://wordpress.org/support/users/webfactory/) * (@webfactory) * [6 years, 11 months ago](https://wordpress.org/support/topic/security-weakness-eval/#post-11713273) * Packing the update as we speak, it will be up shortly. Thank you for bringing this to our attention. * Thread Starter [nhwebgroup](https://wordpress.org/support/users/nhwebgroup/) * (@nhwebgroup) * [6 years, 11 months ago](https://wordpress.org/support/topic/security-weakness-eval/#post-11723427) * [@webfactory](https://wordpress.org/support/users/webfactory/) that is great! i’ll be on the look out for the update! * Plugin Author [WebFactory](https://wordpress.org/support/users/webfactory/) * (@webfactory) * [6 years, 11 months ago](https://wordpress.org/support/topic/security-weakness-eval/#post-11723514) * 👍 you should already see it in your WP admin 😉 Viewing 4 replies - 1 through 4 (of 4 total) The topic ‘security weakness – eval()’ is closed to new replies. * ![](https://ps.w.org/wp-external-links/assets/icon-256x256.png?rev=2103983) * [External Links - nofollow, noopener & new window](https://wordpress.org/plugins/wp-external-links/) * [Frequently Asked Questions](https://wordpress.org/plugins/wp-external-links/#faq) * [Support Threads](https://wordpress.org/support/plugin/wp-external-links/) * [Active Topics](https://wordpress.org/support/plugin/wp-external-links/active/) * [Unresolved Topics](https://wordpress.org/support/plugin/wp-external-links/unresolved/) * [Reviews](https://wordpress.org/support/plugin/wp-external-links/reviews/) * 4 replies * 2 participants * Last reply from: [WebFactory](https://wordpress.org/support/users/webfactory/) * Last activity: [6 years, 11 months ago](https://wordpress.org/support/topic/security-weakness-eval/#post-11723514) * Status: resolved