Dangerously Insecure

  • This is an incredibly dangerous plugin.

    Any plugin that allows you to place PHP inside post content is dangerously insecure. With this plugin installed, anybody who can edit, update, or create a post, can place a PHP shell or another attack script inside these short codes and gain an alarming level of control over your WordPress install.

    Because of this, you can also run into trouble and issues with your hosting if they see you have a plugin of this type installed. Some hosts will refuse to host this kind of code precisely because of the security risks involved

    If you need to run custom code in a post, you should use the shortcode API as it was intended, and add a custom shortcode to a plugin or theme. You can also implement custom theme templates, or make use of custom post types to get archive listings

    • This topic was modified 6 years, 1 month ago by Tom J Nowell.
Viewing 1 replies (of 1 total)

  • Are you:
    a) Reviewing the plugin?
    or
    b) Reviewing the fact that the www.ads-software.com team actually accepted and approved the plugin and made it available into the repository?

    Please understand that what you made (giving one star to the plugin itself), was not fair. Your reason is just accurate, but I presume that your “one star” was intended onto the www.ads-software.com plugin approval team and not to the plugin itself.

Viewing 1 replies (of 1 total)
  • The topic ‘Dangerously Insecure’ is closed to new replies.