Detecting Incorrect Wordpress Plugin Function Usage

Student thesis: Master thesis (including HD thesis)

  • Jens Thomas Vejlby Nielsen
4. term, Computer Science, Master (Master Programme)
This thesis presents the problem of incorrectly using either PHP built-in or homemade functions in WordPress plugin development. WordPress itself is created in a secure way, and vulnerabilities are quickly corrected. This is not the case for plugins, where there can be a multitude of vulnerabilities. WordPress supplies functions for correct sanitisation of data, along with functions for connecting to databases. WordPress allows the core functionality to be changed by using filters and actions, and if a developer forgets to close a filter, this can have security and correctness implications.

A proof-of-concept solution is presented that uses the nuXmv Model Checker on a WordPress plugin model to find incorrect function usage and open filters. Tests of the tool show that it remains a proof-of-concept solution.
Language: English
Publication date: 3 Jun 2015
Number of pages: 28
ID: 213517445