Can malicious code running in isolated Electron’s renderer process send data to attacker’s server?

I’m trying to evaluate if a malicious npm dependency running in Electron’s app renderer process (which has sensitive information) could send data from the webpage out to an attacker’s server (or trick the user in some way to input that dat…

Does adding a csv file to a WordPress plugin introduce security risks to the site?

I am currently working on an implementation reading data from a csv file from within a WordPress plugin. It was suggested the file be added within the plugin in an assets directory. I have concerns in doing this. In particular, I’m worried…