From 38390cec1c5b145cc4d3820de1a41a2b43981bb3 Mon Sep 17 00:00:00 2001 From: Ryan Dewhurst Date: Mon, 4 Jan 2021 14:11:49 +0100 Subject: [PATCH] Updated WordPress Plugin Security Testing Cheat Sheet (markdown) --- WordPress-Plugin-Security-Testing-Cheat-Sheet.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/WordPress-Plugin-Security-Testing-Cheat-Sheet.md b/WordPress-Plugin-Security-Testing-Cheat-Sheet.md index 9b62956..97a2e36 100644 --- a/WordPress-Plugin-Security-Testing-Cheat-Sheet.md +++ b/WordPress-Plugin-Security-Testing-Cheat-Sheet.md @@ -95,6 +95,8 @@ Note: Before WordPress 3.5 ```$wpdb->prepare``` could be used insecurely as you ```$wpdb->query( $wpdb->prepare( "INSERT INTO table (user, pass) VALUES ('$user', '$pass')" ) );``` +Example regex: `wpdb->(query|get_var|get_row|get_col|get_results|replace)\((?!.*prepare).*\);` + ### SQL Injection Tips Unsafe escaping ('securing') API methods:
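Review bot: `replace` does not belong in the alternation of the added regex, since `$wpdb->replace()` (like `insert`, `update` and `delete`) takes a `$data` array plus format array and escapes the values itself rather than being wrapped in `$wpdb->prepare()`, so every call to it will be reported as a finding that is not one; drop it from the group, or state next to the regex that `replace` hits need to be checked by hand. It is also worth saying in the cheat sheet that the pattern is line-oriented: a query prepared into a variable first (`$sql = $wpdb->prepare( ... ); $wpdb->query( $sql );`) is flagged even though it is safe, while a call spread over several lines is never matched at all because `\);` has to appear on the same line as the method name, so the regex should be presented as a starting point for manual triage rather than a complete check.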