In the latest AddThis plugin version, I noticed that your save_post() function does a nonce check (good job), but you are lacking a permissions check. To alter postmeta data, you really should be doing a permissions check as well, to ensure that the user has the capability to do so.

    https://wordpress.org/plugins/addthis/
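A `save_post` handler that pairs the nonce check with a capability check, as an added example that is not part of the original post and is not the AddThis plugin's code. Every `myplugin_` function, field, nonce action and meta key is a hypothetical name.

```php
<?php
// Added example. All "myplugin_" names and the meta key are hypothetical.

add_action( 'add_meta_boxes', 'myplugin_add_meta_box' );
add_action( 'save_post', 'myplugin_save_post_meta' );

function myplugin_add_meta_box() {
    add_meta_box( 'myplugin_box', 'My Plugin', 'myplugin_render_meta_box', 'post' );
}

function myplugin_render_meta_box( $post ) {
    // Bind the nonce to this specific post so it cannot be replayed on another one.
    wp_nonce_field( 'myplugin_save_' . $post->ID, 'myplugin_nonce' );
    $value = get_post_meta( $post->ID, '_myplugin_setting', true );
    echo '<input type="text" name="myplugin_setting" value="' . esc_attr( $value ) . '" />';
}

function myplugin_save_post_meta( $post_id ) {
    // Autosaves and revisions do not carry the meta box fields.
    if ( ( defined( 'DOING_AUTOSAVE' ) && DOING_AUTOSAVE ) || wp_is_post_revision( $post_id ) ) {
        return;
    }

    // 1. Nonce check: the request originated from our own form.
    if ( ! isset( $_POST['myplugin_nonce'] ) ) {
        return;
    }
    $nonce = sanitize_text_field( wp_unslash( $_POST['myplugin_nonce'] ) );
    if ( ! wp_verify_nonce( $nonce, 'myplugin_save_' . $post_id ) ) {
        return;
    }

    // 2. Permissions check: a valid nonce shows intent, not authorization.
    //    'edit_post' is a meta capability evaluated against this post ID.
    if ( ! current_user_can( 'edit_post', $post_id ) ) {
        return;
    }

    // 3. Only now touch postmeta, with the input sanitized.
    if ( isset( $_POST['myplugin_setting'] ) ) {
        $value = sanitize_text_field( wp_unslash( $_POST['myplugin_setting'] ) );
        update_post_meta( $post_id, '_myplugin_setting', $value );
    }
}
```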
