• mln83

    (@mln83)


    Inspecting code quality of various plugins. Here is some feedback for BB:

    Unsafe/bb-plugin/includes/vendor/mailchimp/mailchimp.php
    curl_exec at line 208:
    $response_body = curl_exec($ch);
    Potential risk: Medium. Load external data from any web server. May be used to load malicious code from the external source without any restrictions.
    
    file_get_contents at line 236:
    $apikey = trim(file_get_contents($path));
    Potential risk: Medium. Read entire file into a string. May be used to load malicious code from the external source/website without any restrictions.

    DeprecatedUnsafe/bb-plugin/classes/class-fl-builder-auto-suggest.php
    like_escape at line 99:
    $like = like_escape( esc_sql( $like ) );
    Deprecated 4.0.0 Use wpdb::esc_like()

    For the full report I suggest you install Plugin Inspector – https://wordpress.org/plugins/plugin-inspector/

    Best regards,
    Michael

    https://wordpress.org/plugins/beaver-builder-lite-version/

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Author Justin Busa

    (@justinbusa)

    Hi Michael,

    Thanks for the heads up on this. We’ll have a look.

    Regarding the two suggestions above:

    Unsafe/bb-plugin/includes/vendor/mailchimp/mailchimp.php

    That’s actually MailChimp’s official API wrapper. It should be safe as it’s only calling curl_exec on API calls.

    DeprecatedUnsafe/bb-plugin/classes/class-fl-builder-auto-suggest.php

    The like_escape function call is only in there for older versions of WordPress. Newer versions will use the wpdb::esc_like call.

    Justin
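
    As an added illustration of the version-compatible escaping Justin describes (this is example code written for this thread, not Beaver Builder's own class-fl-builder-auto-suggest.php), the helper below picks wpdb::esc_like() when it exists and falls back to the pre-4.0 like_escape() otherwise. It assumes it runs inside WordPress with the global $wpdb available; the function name example_prepare_like_query and the post_title search are hypothetical.

```php
<?php
// Added example, not code from the Beaver Builder plugin or from MailChimp.
// Builds a LIKE query for a user-supplied search term on both old and new
// WordPress versions. Assumes the WordPress global $wpdb is loaded.

function example_prepare_like_query( $term ) {
    global $wpdb;

    // wpdb::esc_like() was added in WordPress 4.0, when like_escape() was
    // deprecated (the call the Plugin Inspector report flagged). Checking for
    // the method keeps the code working on installs older than 4.0.
    if ( method_exists( $wpdb, 'esc_like' ) ) {
        $like = $wpdb->esc_like( $term );
    } else {
        $like = like_escape( $term );
    }

    // Both functions only neutralise the LIKE wildcards (% and _). Quotes and
    // other SQL metacharacters still have to be handled, so the value goes
    // through $wpdb->prepare() as a %s placeholder rather than being
    // concatenated into the query string.
    return $wpdb->prepare(
        "SELECT ID, post_title FROM {$wpdb->posts} "
        . "WHERE post_title LIKE %s AND post_status = 'publish' LIMIT 10",
        '%' . $like . '%'
    );
}

// Example call from plugin code (hypothetical): the returned string is a
// fully escaped SQL statement ready for $wpdb->get_results().
// $sql = example_prepare_like_query( $_GET['q'] );
```

    The point of the check is that esc_like()/like_escape() and prepare() solve different problems: the first stops a search term like "%" from matching every row, the second stops the term from breaking out of the string literal. Dropping either one leaves one of those issues open, which is why the fallback branch still ends in prepare() rather than a bare concatenation.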

    Thread Starter mln83

    (@mln83)

    Hi Justin,

    Cool! Thanks for the feedback.

    Best regards,
    Michael


The topic ‘Plugin Inspector report’ is closed to new replies.