Viewing 1 replies (of 1 total)
  • Plugin Author Jeff Starr

    (@specialk)

    Hi befree22,

    Glad to help:

    1) No need to disable anything; WP’s Add Media functionality works on the front-end exactly like it does in the Admin Area, which is expected and totally safe. To save you some time reading through that tedious thread, allow me to summarize how it works:

    – Visitor, Subscriber, and Contributor – don’t have access to the Media Library
    – Author and better – do have access to the Media Library

    Further:

    – Visitor, Subscriber, and Contributor – can’t modify *any* media files
    – Author – can only modify their *own* files
    – Editor and better – can modify *any* media files

    Note that all of this applies regardless of whether the user is working on the front-end (e.g., via USP form) or via the Admin Area. It’s the same on both sides of the fence.

    So if you have users with sufficient level capabilities, they will be able to do on the front-end the same things they can do in the Admin Area. Exactly how a plugin that is tightly integrated with WordPress should work.

    2) Yes, complete nonce functionality was added a long time ago.

    I hope that helps with any concerns; let me know if I may be of service.

    • This reply was modified 9 years, 2 months ago by Jeff Starr.

The topic ‘Plugin security issues’ is closed to new replies.