Inspecting Code Quality using Plugin Inspector

Viewing 3 posts - 1 through 3 (of 3 total)
  • Question

    #68654
    @mln83

    Hi guys,

    I am testing various plugins on my site. Here is some feedback for Boss for LearnDash 1.0.8:

    Unsafe: /boss-learndash/includes/buddyboss-plugin-updater.php
    wp_remote_post at line 43:
    $raw_response = wp_remote_post( $this->api_url, $request_string ); 
    Potential risk: Medium. Upload or download data from/to any web server. May be used to load malicious code from the external source. You can prevent that using constant WP_HTTP_BLOCK_EXTERNAL or restrict hosts with WP_ACCESSIBLE_HOSTS constant.
    
    wp_remote_post at line 81:
    $raw_response = wp_remote_post( $this->api_url, $request_string ); 
    Potential risk: Medium. Upload or download data from/to any web server. May be used to load malicious code from the external source. You can prevent that using constant WP_HTTP_BLOCK_EXTERNAL or restrict hosts with WP_ACCESSIBLE_HOSTS constant.

    For a full report, I suggest you install Plugin Inspector – https://wordpress.org/plugins/plugin-inspector/

    Best regards,
    Michael
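
The two constants named in the Plugin Inspector report above, paired with a small must-use plugin that logs every host the WordPress HTTP API contacts so the allowlist can be built from observed traffic. This is an added example, not part of the forum posts or of BuddyBoss's code; the file name, the function name and the `updates.example.com` host are assumptions.

```php
<?php
/**
 * Plugin Name: Outbound HTTP audit (added example)
 *
 * Save as wp-content/mu-plugins/outbound-http-audit.php (file name is an assumption).
 * Pair it with these two lines in wp-config.php, above the "stop editing" comment:
 *
 *   define( 'WP_HTTP_BLOCK_EXTERNAL', true );
 *   define( 'WP_ACCESSIBLE_HOSTS', '*.wordpress.org,updates.example.com' );
 *
 * WP_ACCESSIBLE_HOSTS is a comma-separated list; "*." wildcards match subdomains.
 * updates.example.com is a placeholder for the host behind the updater's
 * $this->api_url, which is not shown in the report.
 */

// Fires after each WordPress HTTP API call. Current core also fires it for
// requests refused by WP_HTTP_BLOCK_EXTERNAL, so refused hosts show up too.
add_action( 'http_api_debug', 'example_log_outbound_http', 10, 5 );

/**
 * Log method, destination host and outcome of one outbound request.
 * The function name is hypothetical, chosen for this example.
 */
function example_log_outbound_http( $response, $context, $class, $parsed_args, $url ) {
	$host   = wp_parse_url( $url, PHP_URL_HOST );
	$method = isset( $parsed_args['method'] ) ? $parsed_args['method'] : 'GET';

	if ( is_wp_error( $response ) ) {
		// A refused request comes back as a WP_Error without reaching the network.
		$outcome = 'error: ' . $response->get_error_code();
	} else {
		$outcome = 'status ' . wp_remote_retrieve_response_code( $response );
	}

	// Written to the PHP error log (wp-content/debug.log when WP_DEBUG and
	// WP_DEBUG_LOG are enabled). Only the host is logged, not the full URL,
	// to keep query-string tokens out of the log.
	error_log( sprintf( '[outbound-http] %s %s -> %s', $method, $host, $outcome ) );
}
```

Running the logger for a while before enabling `WP_HTTP_BLOCK_EXTERNAL` shows which hosts the installed plugins actually contact, so the allowlist does not break legitimate update checks.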

    Answers

    #68655
    @mln83

    BuddyBoss Inbox v. 1.0.4 and BuddyBoss Wall v. 1.2.7 show a similar vulnerability.

    #68717

    Alyssa
    Participant
    @alyssa-buddyboss

    Hi Michael,

    Thanks for reporting this bug. We’re looking into this.

  • The question ‘Inspecting Code Quality using Plugin Inspector’ is closed to new replies.