BuddyBoss Home – Web Support Forums Solutions Social Learner Inspecting Code Quality using Plugin Inspector

Viewing 3 posts - 1 through 3 (of 3 total)

  • Question

    April 17, 2016 at 5:39 am #68654

    Michael
    @mln83

    Hi guys,

    I am testing various plugins on my site. Here is some feedback for Boss for LearnDash 1.0.8:

    Unsafe/boss-learndash/includes/buddyboss-plugin-updater.php view source
wp_remote_post at line 43:
$raw_response = wp_remote_post( $this->api_url, $request_string ); 
Potential risk: Medium. Upload or download data from/to any web server. May be used to load malicious code from the external source. You can prevent that using constant WP_HTTP_BLOCK_EXTERNAL or restrict hosts with WP_ACCESSIBLE_HOSTS constant.

wp_remote_post at line 81:
$raw_response = wp_remote_post( $this->api_url, $request_string ); 
Potential risk: Medium. Upload or download data from/to any web server. May be used to load malicious code from the external source. You can prevent that using constant WP_HTTP_BLOCK_EXTERNAL or restrict hosts with WP_ACCESSIBLE_HOSTS constant.

    For a full report I suggest you to install Plugin Inspector – https://wordpress.org/plugins/plugin-inspector/

    Best regards,
    Michael

    Answers

    April 17, 2016 at 5:41 am #68655

    Michael
    @mln83

    BuddyBoss Inbox v. 1.0.4, BuddyBoss Wall v. 1.2.7 shows similar vulnerability.

    April 18, 2016 at 2:26 am #68717

    Alyssa
    Participant
    @alyssa-buddyboss

    Hi Michael,

    Thanks for reporting this bug. We’re looking into this.

Viewing 3 posts - 1 through 3 (of 3 total)
  • The question ‘Inspecting Code Quality using Plugin Inspector’ is closed to new replies.