Potential Security Risk
-
In the latest AddThis plugin version, I noticed that your
save_post()
function does a nonce check (good job), but you are lacking a permissions check. To alter postmeta data, you really should be doing a permissions check as well, to ensure that the user has the capability to do so.
- The topic ‘Potential Security Risk’ is closed to new replies.