Support » Plugin: External Links - nofollow, noopener & new window » security weakness – eval()

  • Resolved nhwebgroup

    (@nhwebgroup)


    I’ve identified some code in class-fwp-template-tag-base.php and class-fwp-debug.php that could be a potential security weakness.

    The function eval is called, which should be avoided whenever possible.

    File Location: /plugins/wp-external-links/libs/fwp/component-bases/class-fwp-template-tag-base.php

    File Location: /plugins/wp-external-links/libs/fwp/class-fwp-debug.php
    Plugin version 2.3

    https://www.php.net/manual/en/function.eval.php
    The eval() language construct is very dangerous because it allows execution of arbitrary PHP code. Its use thus is discouraged. If you have carefully verified that there is no other option than to use this construct, pay special attention not to pass any user provided data into it without properly validating it beforehand.

Viewing 4 replies - 1 through 4 (of 4 total)