Insecure and poorly written - [Variation Swatches for WooCommerce] Review | WordPress.org

garrettseward
(@garrettseward)

5 years, 3 months ago
While this plugin may appear to work well, after reviewing the code I have found several critical flaws (SQL INJECTION):
1. get_tax_attribute of variation-swatches-for-woocommerce.php line 117
- Not using prepared statements.
- Possible SQL injection.
- save_term_meta of class-admin.php line 175
- Blindly updates term meta on anything that matches ‘image’, ‘color’, or ‘label’ in POST data.
- This topic was modified 5 years, 3 months ago by garrettseward.
- This topic was modified 5 years, 3 months ago by garrettseward.
- This topic was modified 5 years, 3 months ago by garrettseward.

The topic ‘Insecure and poorly written’ is closed to new replies.

In: Reviews
0 replies
1 participant
Last reply from: garrettseward
Last activity: 5 years, 3 months ago