2 Comments

  1. Julio Potier Ⓦ (@BoiteAWeb)

    If you can’t update your WooCommerce plugin, use the code at the bottom of this post: http://blog.secupress.fr/en/vulnerability-in-woocommerce-2-3-10-object-injection-374.html


  2. Amir Helzer

    IMHO, the fact we include code with other products and redistribute it is the root cause of the problem. This causes not only security problems but also conflicts between plugins (and the theme) and bugs.

    WordPress should get a dependency system, which allows code to dynamically load other code. For instance, if you create a theme that needs a JS library, that library should not be bundled with the theme. It should be loaded once and all plugins and the theme should use it.

    The actual situation in the WordPress themes and plugins marketplace is way more complex than described in this post. There are many cases where a plugin includes a library and that entire plugin is included in a theme. Each of these cases has a valid explanation.

    It’s pretty obvious that updates to the library will take forever to reach all sites that use the theme that has the plugin that embeds the library. Right?

    We used to do the same for our Toolset plugins. We encouraged theme authors to include an ‘Embedded Version’ of different Toolset plugins with their themes. We quickly discovered how problematic this is and we replaced it with ‘on demand’ installation, directly from our system. This was a huge development effort and I doubt that every plugin developer can afford it. It would have been far better to use a dependency system in WordPress, if such a thing existed.

    All of this would have been avoided if WordPress had a dependency system, which would allow resources to be loaded once and updated immediately.
