Activity

  • Profile picture of Michael

    Michael started the question Inspecting Code Quality using Plugin Inspector in the forum Social Learner 8 years ago

    Hi guys,

    I am testing various plugins on my site. Here is some feedback for Boss for LearnDash 1.0.8:

    Unsafe/boss-learndash/includes/buddyboss-plugin-updater.php view source
    wp_remote_post at line 43:
    $raw_response = wp_remote_post( $this->api_url, $request_string );
    Potential risk: Medium. Upload or download data from/to any web server. May be used to load malicious code from the external source. You can prevent that using constant WP_HTTP_BLOCK_EXTERNAL or restrict hosts with WP_ACCESSIBLE_HOSTS constant.

    wp_remote_post at line 81:
    $raw_response = wp_remote_post( $this->api_url, $request_string );
    Potential risk: Medium. Upload or download data from/to any web server. May be used to load malicious code from the external source. You can prevent that using constant WP_HTTP_BLOCK_EXTERNAL or restrict hosts with WP_ACCESSIBLE_HOSTS constant.

    For a full report I suggest you to install Plugin Inspector – https://wordpress.org/plugins/plugin-inspector/

    Best regards,
    Michael