WordPress Plugin full-customer 3.1.12 Code Audit: Unvalidated Remote Requests and Hardcoded API Key

Key Information Plugin Version: 3.1.12 File Path: full-customer/tags/3.1.12/app/controller/actions.php Last Modified: By fullservices 17 months ago, revision 3109430 Potential Vulnerability Information 1. Remote Requests: Multiple instances of are used to request external APIs, which may pose security risks due to unvalidated remote requests. - Code Snippets: - (e.g., line 135 and 178) - Need to verify whether the construction of is secure and whether returned data is properly validated and processed. 2. Data Validation and Sanitization: Need to check whether data is adequately validated and sanitized to prevent injection attacks or XSS attacks. - Code Snippets: - When using and for data transmission and stylesheet loading, ensure data security. 3. Permission Checks: Some functions include permission checks like , but further verification is needed to ensure other sensitive operations have sufficient permission controls. - Code Snippets: - (e.g., line 33) 4. API Keys: Be cautious to check whether sensitive API keys or authentication information are exposed. - Code Snippets: - (e.g., line 135) Recommendations Strictly validate and sanitize URLs and data used in requests. Ensure all input and output data are properly encoded and validated to prevent injection and XSS attacks. Review all permission checks to ensure sensitive operations are accessible only to authorized users. Review the code for any direct exposure of sensitive information, such as API keys.

Goal Reached Thanks to every supporter — we hit 100%!

WordPress Plugin full-customer 3.1.12 Code Audit: Unvalidated Remote Requests and Hardcoded API Key