Plugin Author
Bob
(@prasunsen)
I don’t see how this could happen. How the heck are you going to upload code and execute it?
Thank you @prasunsen. As you have certainly guessed, I’m not a programmer, but I have survived an injection attack by hunting down malware that penetrated my blog surreptitiously. My exams are all essay questions, so, as bots create (blog) comment spam and insert malware in comments, I think it would be easy for them to deliver “quiz and test and survey spam” by inserting hidden malware in “answers.” So they “take” quizzes and tests, and that’s how they get the code on my database. I think you are right, though; as long as I use wordpress’s recommended settings (I do), they could not execute the malware unless my permissions would allow that (i.e. 777). BTW, before finding Watu, I tried a lot of other plugins for quizzes and surveys and forms, and many of them had captcha antibot functions; this also led me to believe that my concern is not an unusual one. Does my question make more sense now?
Thanks again for an awesome plugin and for responding.
Plugin Author
Bob
(@prasunsen)
The code cannot be executed this way but I agree for the spam issue. We’ll add captcha soon.