I haven’t had the time to go through and see specifically what CodeRisk has flagged, but having spent days (way more time than I should have) trying to improve the score for EWWW Image Optimizer, I have a pretty good idea what I’ll find.
In short, there are a lot of things the CodeRisk scanner will flag that are not exploitable, many of which have no way to “fix”. Often, the only “fix” is to use a WordPress wrapper function that CodeRisk doesn’t recognize; this is not only my experience, but that of my competitors/colleagues that have worked to improve how their plugins score on CodeRisk.
I will still look through the results for Imsanity at some point, but as there are no known vulnerabilities in the plugin, I’m not in a huge rush.
Thread Starter
TWD
(@twd)
OK. Just wanted to make you aware.
Oh, I’m aware, it just drives me nuts, and I wish it were more actionable/helpful 🙂