Unused public ajax callback | WordPress.org

Resolved Julian Weiland
(@derweili)

4 years, 5 months ago
The Plugin registers a public ajax callback in Plugin.php:124
```
$this->loader->add_action( 'wp_ajax_rate_the_plugin', $notice, 'rate_the_plugin_action' );
$this->loader->add_action( 'wp_ajax_nopriv_rate_the_plugin', $notice, 'rate_the_plugin_action' );
```
This ajax callback is used to rate the plugin in the admin area so it is never used for public users.

So for security reasons I think the public nopriv action should be removed.
- This topic was modified 4 years, 5 months ago by Julian Weiland.

Viewing 2 replies - 1 through 2 (of 2 total)

Plugin Contributor cxnmedia
(@cxnmedia)

4 years, 5 months ago

Hi @derweili

Thanks a lot for staying with us. We will take care of it in the next update and will get back in touch as early as possible.

Have a nice day.

Plugin Contributor cxnmedia
(@cxnmedia)

4 years, 1 month ago

Hi @derweili,

The issue has been taken care of in the latest release of this plugin.
Thanks a lot again and have a nice day.

Viewing 2 replies - 1 through 2 (of 2 total)

The topic ‘Unused public ajax callback’ is closed to new replies.

Tags

ajax

2 replies
2 participants
Last reply from: cxnmedia
Last activity: 4 years, 1 month ago
Status: resolved