Thank you both @data443 and @safronik for addressing this issue! I am still getting flags every day. I have been sent a new version of the GDPR framework plugin to test and that is my next step, but before I go download that and apply it I have a quick question for Data443. Has this new version been scrubbed of said security risks, such as resolving this?
“2. exec(“mklink /{$mode} “.escapeshellarg($link).’ ‘.escapeshellarg($target)); – is not safe to use this, because if you made a mistake in sanitizing any of these 3 parameters, it will become a security vulnerability. You could use safe alternative for this like: link() and symlink().”
