Works as intended – Very Dangerous for site owners

  • snakeestate

    (@snakeestate)


    7 years, 10 months ago

    If you’re looking to execute php on a wordpress page/post you should use the recommenced approach by creating a custom shortcode.

    While this plugin works it’s highly unsecure. If your site were hijacked anyone with admin/editor/etc permissions can execute and form of PHP scripts.

    In a nut shell, say goodbye to your website :).

    In all honesty the developer of this extension should provide a warning or disclaimer for users.

Viewing 1 replies (of 1 total)
  • Vitor Madeira

    (@vitormadeira)

    7 years, 1 month ago

    Are you:
    a) Reviewing the plugin?
    or
    b) Reviewing the fact that the WordPress.org team actually accepted and approved the plugin and made it available into the repository?

    Please understand that what you made, was actually the irresponsible action.

    While I totally agree with your last sentence, I guess you are criticising the WordPress.org plugin team for approving the plugin and not the plugin itself.

Viewing 1 replies (of 1 total)
  • The topic ‘Works as intended – Very Dangerous for site owners’ is closed to new replies.