Audit

wp-file-inclusion-audit

These functions can lead to Local File Inclusion (LFI) or Remote File Inclusion (RFI) if the data inside is user-controlled. Validate the data properly before passing it to these functions.
Likelihood: LOW
Confidence: LOW
CWE:
- CWE-22: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’)
- CWE-73: External Control of File Name or Path
- CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’)
OWASP:
- A01:2021 - Broken Access Control
- A08:2021 - Software and Data Integrity Failures

wp-command-execution-audit

These functions can lead to command execution if the data passed to them is user-controlled. Do not use the input directly; validate the data properly before passing it to these functions.
Likelihood: LOW
Confidence: LOW
CWE:
- CWE-78: Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’)
OWASP:
- A03:2021 - Injection

wp-code-execution-audit

These functions can lead to code injection if the data passed to them is user-controlled. Do not use the input directly; validate the data properly before passing it to these functions.
Likelihood: LOW
Confidence: LOW
CWE:
- CWE-94: Improper Control of Generation of Code (‘Code Injection’)
OWASP:
- A03:2021 - Injection

wp-file-download-audit

These functions can be used to read the content of files if the data passed to them is user-controlled. Do not use the input directly; validate the data properly before passing it to these functions.
Likelihood: LOW
Confidence: LOW
CWE:
- CWE-73: External Control of File Name or Path
OWASP:
- A01:2021 - Broken Access Control

wp-ajax-no-auth-and-auth-hooks-audit

These hooks allow the developer to handle custom AJAX endpoints. The "wp_ajax_action" hook fires for any authenticated user, and the "wp_ajax_nopriv_action" hook fires for non-authenticated users.
Likelihood: LOW
Confidence: LOW
CWE:
- CWE-285: Improper Authorization
OWASP:
- A01:2021 - Broken Access Control

wp-authorisation-checks-audit

These are some of the patterns used for authorisation. Review them to confirm that the authorisation check is correct.
Likelihood: LOW
Confidence: LOW
CWE:
- CWE-285: Improper Authorization
OWASP:
- A01:2021 - Broken Access Control

wp-csrf-audit

Passing false or 0 as the third argument to this function stops it from dying when the nonce check fails, so the check is useless unless its return value is tested.
Likelihood: LOW
Confidence: LOW
CWE:
- CWE-352: Cross-Site Request Forgery (CSRF)
OWASP:
- A05:2021 - Security Misconfiguration

wp-open-redirect-audit

This function can be used to redirect to user-supplied URLs. If the user input is not sanitised or validated, this could lead to Open Redirect vulnerabilities. Use "wp_safe_redirect()" to prevent this kind of attack.
Likelihood: LOW
Confidence: LOW
CWE:
- CWE-601: URL Redirection to Untrusted Site (‘Open Redirect’)
OWASP:
- A05:2021 - Security Misconfiguration

wp-php-object-injection-audit

If the data passed to these functions is used directly without proper sanitization, this could lead to PHP Object Injection. Do not use these functions with user-supplied input; use JSON functions instead.
Likelihood: LOW
Confidence: LOW
CWE:
- CWE-502: Deserialization of Untrusted Data
OWASP:
- A03:2021 - Injection

wp-sql-injection-audit

Detected unsafe API methods. This could lead to SQL Injection if the variables used in these functions are user-controlled and not properly escaped or sanitized. To prevent SQL Injection, use safe API methods such as "$wpdb->prepare" correctly, or escape/sanitize the data properly.
Likelihood: LOW
Confidence: LOW
CWE:
- CWE-89: Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’)
OWASP:
- A03:2021 - Injection

wp-file-manipulation-audit

These functions can be used to delete files if the data passed to them is user-controlled. Use these functions carefully.
Likelihood: LOW
Confidence: LOW
CWE:
- CWE-22: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’)
- CWE-73: External Control of File Name or Path
- CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’)
OWASP:
- A01:2021 - Broken Access Control
- A08:2021 - Software and Data Integrity Failures