[wp-trac] [WordPress Trac] #55432: The $plugin parameter of the "plugin_loaded" action can be polluted by individual plugins
WordPress Trac
noreply at wordpress.org
Tue Mar 22 02:25:05 UTC 2022
#55432: The $plugin parameter of the "plugin_loaded" action can be polluted by
individual plugins
----------------------------+------------------------------
Reporter: stevegrunwell | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Bootstrap/Load | Version:
Severity: normal | Resolution:
Keywords: close | Focuses:
----------------------------+------------------------------
Changes (by peterwilsoncc):
* keywords: => close
Comment:
My inclination is to close this ticket without a fix. No matter the
variable name WP uses, a plugin could override it.
If a plugin is trying to override the variable maliciously, the plugin
author is missing the opportunity to do truly evil things by been able to
run code on the web server.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/55432#comment:2>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list