via pluginvulnerabilities.com => original post link
While working on a security review of a WordPress plugin, we ran across miss-usage of a WordPress security function, esc_url_raw(). While looking to see if this was a wider issue, we found that a 5+ million install security plugin is among those improperly using it, as well as another 1+ million install security plugin, and two 1+ million install plugins from the security reviewer on the team running the WordPress’s plugin directory.
The documentation for esc_url_raw() explains that it “Sanitizes a URL for database or redirect usage.” Then further explains that: [Read more]