Please improve plugin security | WordPress.org

Resolved Alexandru Negoita
(@kulsite)

5 months, 4 weeks ago

Hei,
I just tested the plugin through WordPress standards and it seems that there are issues that needs to be fixed.
There are unescaped values in the plugin which can pose a threat to the site security, even when the plugin is only used in admin interface.
For example:
$where[] .= ‘`object_type= \'' . $type . '\'';
Combined with _roles values, which can also have allot of various data, it could potentially lead to escalated privileges.

Viewing 1 replies (of 1 total)

Plugin Author ArielK
(@arielk-1)

5 months, 4 weeks ago

Hi @kulsite,

Thank you for researching our plugin!

To better serve the researcher community, we’re running a managed public Bug Bounty program on Patchstack: https://patchstack.com/database/wordpress/plugin/aryo-activity-log

Please open a Patchstack account if you don’t already have one, join our program and submit your findings.

The program contains all the information you’ll need in order to submit a report.

Best regards,

Viewing 1 replies (of 1 total)

You must be logged in to reply to this topic.

2 replies
2 participants
Last reply from: ArielK
Last activity: 5 months, 4 weeks ago
Status: resolved