PHP is probably one of the most vulnerable languages for SQL injection (SQLi), mainly because many developers build queries dynamically using strings. PHP has prepared statements in its native class…
Coding vulnerabilities
11 Articles
11
If you’re writing a WordPress plugin, you don’t want to write features that allow your users to be vulnerable to security bugs. The current_user_can function is a native WordPress security…
To avoid Cross-Site Request Forgery (CSRF) attacks, WordPress has two functions for plugin developers: wp_verify_nonce and check_ajax_referer. If you don’t use at least one of these functions, your plugin could…
The WordPress API has a huge learning curve, so you might miss authentication and authorization checks when you code your first plugin. This article will explain how an authentication failure…
You might have heard of typosquatting in cybersecurity and phishing, but it’s hard to find examples before they’ve been removed. A recent Nuget vulnerability shows exactly what can happen when…
If you use any Sneeit WordPress themes or plugins, you should probably update it now. The Sneeit framework was found to have several vulnerabilities including remote code execution detailed in…
The CSV-to-SortTable WordPress plugin is a handy little tool for site owners, but its codebase shows that it was not built with hackers in mind. CSV-to-SortTable does not validate files…
A common programming mistake is thinking that what can’t be seen on the public web can’t possibly be a vulnerability. WordPress site owners entrust their security to plugin developers, which…
Most applications need a database to store backend data, and Google Firebase is a great choice for serverless data management. It’s a cloud-based database hosted in Google Cloud, and it’s…
It’s common in coding to work with CSV (Comma Separated Values) files to transfer data between platforms or allow users to download files that can then be used in their…
Page 1 of 2
Next