Plugin reviews

A plugin review is a detailed assurance exercise involving line-by-line examination of a plugin, with a view to identifying and proving the existence of vulnerabilities that would affect a site’s confidentiality, integrity or availability.

During a plugin review, the tester code reviews the plugin, line by line, actively attempting to find ways in which the plugin could be exploited. A review is a concerted attempt to prove that a plugin is vulnerable to attack, allowing a usage recommendation to be given with high confidence.

It is not possible for a plugin review to prove that a plugin does not contain vulnerabilities, and a review should not be considered a substitute for security best-practices. However, a plugin review which does find issues should give you confidence that the plugin definitely contains issues of concern which you should carefully consider. If we do not find issues, you should conduct your own checks to ensure that you agree with our findings.

A plugin review cannot provide assurance that the site using the plugin is secure, and in particular, cannot demonstrate that a plugin is secure if it interacts with other software in ways not anticipated by the tester.

If further assurance is required, a penetration test should be conducted.

Results

The outputs of a plugin review are a short summary of the findings, a list of the vulnerabilities found and their location in the codebase and a recommendation.

While testers should in general follow the criteria in this section when making recommendations, they may at their discretion make any recommendation. However, if the recommendation is not based on one of the criteria given below, the tester must explain the reason for their decision.

The possible recommendations are as follows:


Potentially unsafe

This plugin should not be used unless very careful consideration is given to the vulnerabilities it contains and ways to mitigate them.

One of the following conditions must be true:

  1. The plugin contains a vulnerability which could be exploited by an end user and which would compromise the site’s confidentiality, integrity or availability
  2. The plugin is written such that its expected, ordinary use could affect the site’s confidentiality, integrity or availability

Use with caution

The plugin could be used but its use should be carefully considered.

One of the following conditions must be true:

  1. The plugin contains a vulnerability which could be exploited by a privileged user to affect the site’s confidentiality, integrity or availability in a manner exceeding the user's privileges
  2. The plugin appears not to be vulnerable, but could interact with another component in such a way as to become vulnerable
  3. The plugin meets a large number of failure criteria and is of poor quality, leading the tester to fear that subsequent versions of the plugin are likely to introduce vulnerabilities.
  4. The plugin is written such that its expected, ordinary use is likely to harm the site’s performance

No issues found

No issues were found or the issues identified were minor

The plugin appears to be safe for use.