This plugin has a somewhat high CodeRisk RIPS Score
Closed this issue · 3 comments
I was just browsing their plugin scores today and going through many of the plugins I use on most of the sites I manage, and noticed that 404-to-301 has a score of 58/100, which is actually somewhat high (most other plugins I use have a score less than 10, many being at 0).
Here is the "report":
https://coderisk.com/wp/plugin/404-to-301
I use quotes on "report" because it really doesn't give any additional information (probably because they want to avoid exploits as well as sell their software), but I wanted to pass the word along.
Edit: It looks like additional information is available after registering as a maintainer on their site.
Could this be looked into for future updates to make the plugin a bit more secure? Appreciate your work, thanks!
Hi @chrisblakley,
Thanks for the info. I have no idea how they are calculating this risk score. I have registered as a maintainer and they asked me to verify ownership by inserting a hidden link. But still, the verification is not working.
I tried verifying one of my old plugins and it did work, but took about half a day to do so.
My plugin had a RIPS score of 78/100 and when I got into the tool there were 4 issues. 1 was a false positive, 2 were just output warnings (which were admin-only), and it did find 1 XSS vulnerability.
Contacted coderisk.com directly and fixed all those false-positive items 👍 And the scores updated.