
wordpress-security-validation

Teaches secure WordPress development practices to prevent XSS, CSRF, and SQL injection vulnerabilities through effective input handling.

Security score: 0/100

The wordpress-security-validation skill was audited on Mar 1, 2026 and we found 19 security issues across 4 threat categories, including 2 critical. Review the findings below before installing.


Security Issues

critical, line 1452: Eval function call - arbitrary code execution
Source: SKILL.md, line 1452:
- [ ] No `eval()`, `assert()`, or `create_function()`

critical, line 295: Access to /etc/passwd
Source: SKILL.md, line 295:
| `sanitize_file_name()` | File uploads | `"../../etc/passwd"` | `"..etcpasswd"` |

high, line 395: Access to /etc/passwd
Source: SKILL.md, line 395:
// Input: "../../etc/passwd", "my file!.php"

high, line 1279: Access to /etc/passwd
Source: SKILL.md, line 1279:
// Attacker visits: ?template=../../../../etc/passwd

high, line 295: Path traversal to sensitive directory
Source: SKILL.md, line 295:
| `sanitize_file_name()` | File uploads | `"../../etc/passwd"` | `"..etcpasswd"` |

medium, line 395: Path traversal to sensitive directory
Source: SKILL.md, line 395:
// Input: "../../etc/passwd", "my file!.php"

medium, line 1279: Path traversal to sensitive directory
Source: SKILL.md, line 1279:
// Attacker visits: ?template=../../../../etc/passwd

medium, line 467: Prompting for API key/token input
Source: SKILL.md, line 467:
$sanitized['api_key'] = preg_replace('/[^a-zA-Z0-9]/', '', $input['api_key']);

low, line 80: External URL reference
Source: SKILL.md, line 80:
<img src="https://yoursite.com/wp-admin/admin.php?action=delete_user&id=1">

low, line 328: External URL reference
Source: SKILL.md, line 328:
// Input: "http://example.com"

low, line 329: External URL reference
Source: SKILL.md, line 329:
// Output: "http://example.com"

low, line 757: External URL reference
Source: SKILL.md, line 757:
$safe_url = "https://example.com";

low, line 759: External URL reference
Source: SKILL.md, line 759:
// Output: <a href="https://example.com">Link</a>

low, line 1221: External URL reference
Source: SKILL.md, line 1221:
<img src="https://yoursite.com/wp-admin/admin.php?action=delete_all_posts">

low, line 1259: External URL reference
Source: SKILL.md, line 1259:
// Executes: https://yoursite.com/uploads/malicious.php

low, line 1472: External URL reference
Source: SKILL.md, line 1472:
<form action="https://yoursite.com/wp-admin/admin-post.php" method="POST">

low, line 1504: External URL reference
Source: SKILL.md, line 1504:
wpscan --url https://yoursite.com --enumerate vp

low, line 1532: External URL reference
Source: SKILL.md, line 1532:
- [OWASP Top 10](https://owasp.org/www-project-top-ten/)

low, line 1533: External URL reference
Source: SKILL.md, line 1533:
- [WordPress Plugin Security Testing](https://make.wordpress.org/plugins/handbook/security/)

Scanned on Mar 1, 2026