Support » Plugin: Hana Code Insert » Security?

  • I tried this plugin, as the general idea behind it is so cool.

    Problem1: I quickly looked at the code and found the php is executed with the “eval” command. That is really scary in many ways: It is a door opener for all sorts of misuse and makes also php bug fixing so very hard.

    Problem2: I installed the plugin (as admin) and re-logged with the role of an editor (lower rights level). I could still access all the plugin’s settings, which was unexpected.
    So there seems to be not even a solid rights protection. If WordPress is used not only by the owner but content is maintained also by editors, this missing rights protection would be a no-go for me.

    I gave up at that point. As much as I would like to use it: I stay away from it for now.

    If the security issues are fixed, I would be more than happy to rate this 5 stars.

  • The topic ‘Security?’ is closed to new replies.