WordPress.org

Forums

WP App Studio
Don't use this plugin (4 posts)

  1. Franz Josef Kaiser
    Member
    Posted 2 years ago #

    The first (and biggest) problem with this plugin is that it doesn't generate the code with the plugin code. The plugin is just a proxy that calls a remote server that produces some code and then downloads it into the WP installation. So the owner of the remote server has your installation in his hands. He could send you any sort of code he wants, opening backdoors, hijacking your complete installation.

    The other problem is that the code of the plugin is crap. It takes any incoming POST response and just uses it without validation or sanitization. But this is just another security concern.

    Long story short: Don't use this plugin. Simply don't.

  2. emarket-design
    Member
    Plugin Author

    Posted 2 years ago #

    Franz,
    Thanks for reviewing our plugin. I have passed your feedback to our development team.
    Please do not hesitate to contact us if you have additional feedback/concern/questions.

  3. emarket-design
    Member
    Plugin Author

    Posted 2 years ago #

    Franz,
    In the WPAS 1.1.1 release, we have hardened overall plugin security by adding extra nonces, data sanitization/validation rules and WordPress HTTP API calls. We have also included a diagram detailing what comes in and out of your computer. Anything else?
    Thanks!

  4. eddyparkinson
    Member
    Posted 2 years ago #

    Franz Josef Kaiser - I can see you want safe software. I hope you figure out a way of making the world's software safer.

    Your comments apply to most "Small, closed source, software" that is available on the web. A large percentage of the software available on cnet matches your description. The problem of secure software is well known, but thankfully most people are good, and try to make the world a better place.

    Eddy Parkinson.

Topic Closed

This topic has been closed to new replies.