Post Category Archive A collection of posts we have categorized in Tips for Developers

How to Address Object Injection Vulnerabilities in PHP

Robert Rowley

I have been discussing the risks related to PHP Object Injection or insecure usage of unserialize() and how this insecure coding practice is unfortunately very prevalent in the WordPress plugin ecosystem. This post is for plugin (and really any PHP) developers for the purpose to share why you shouldn't unseralize() data sent from untrusted sources, and how one easy code change can save you from writing vulnerable code. Why not?…

Read the full article.

New posts to your inbox.

Opt-in to receive our newsletter.