This plugin finds preg_replace vulnerabilities. The PHP function preg_replace is vulnerable when the user can control the regular expression or the content of the string being analyzed and the regular expression has the ‘e’ modifier. At present the plugin only finds preg_replace vulnerabilities when PHP is configured to show errors, but a new version will find “blind” preg_replace errors.
This plugin has no user-configurable options.
This plugin depends on grep.error_500.
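
The conditions described above can also be checked from the source side, without relying on PHP error output. The following is an added example, not code from this plugin: a simplified regex scan (not a PHP parser) that flags preg_replace calls whose pattern carries the ‘e’ modifier or is built at run time. The function names, finding labels and PHP sample are constructed for illustration.

```python
import re

# First argument of a preg_replace() call: one quoted literal, or any other expression.
# Simplified: PHP comments and nested commas inside the expression are not handled.
CALL = re.compile(
    r"""\bpreg_replace\s*\(\s*(?:
        (?P<lit>'(?:\\.|[^'\\])*'|"(?:\\.|[^"\\])*")\s*,   # plain string literal
      | (?P<expr>[^,]+),                                    # variable, concatenation, call
    )""", re.VERBOSE)
CLOSERS = {"(": ")", "[": "]", "{": "}", "<": ">"}   # PCRE bracket-style delimiters
INTERPOLATION = re.compile(r"\$[A-Za-z_{]|\{\$")     # "$var" or "{$var}" in double quotes


def pattern_modifiers(literal):
    """Return the modifier letters after the closing delimiter of a quoted pattern."""
    body = literal[1:-1].lstrip()
    if not body:
        return ""
    end = body.rfind(CLOSERS.get(body[0], body[0]))
    return body[end + 1:] if end > 0 else ""


def audit_php_source(source):
    """Return (line, finding) pairs for risky preg_replace() calls in PHP source text."""
    findings = []
    for m in CALL.finditer(source):
        line = source.count("\n", 0, m.start()) + 1
        lit = m.group("lit")
        if lit is None or (lit[0] == '"' and INTERPOLATION.search(lit)):
            findings.append((line, "dynamic-pattern"))   # regex is built at run time
        if lit is not None and "e" in pattern_modifiers(lit):
            findings.append((line, "e-modifier"))        # replacement is evaluated as PHP
    return findings


# Constructed sample input, not taken from any real application.
SAMPLE = r'''<?php
$a = preg_replace('/\[b\](.*?)\[\/b\]/e', 'strtoupper("$1")', $_POST['msg']);
$b = preg_replace($_GET['pattern'], '', $text);
$c = preg_replace("/" . $_GET['word'] . "/i", '*', $text);
$d = preg_replace("/$word/ie", '"$0"', $text);
$e = preg_replace('/\s+/', ' ', $text);
$f = preg_replace_callback('/\[b\](.*?)\[\/b\]/', 'bold_cb', $msg);
'''

if __name__ == "__main__":
    for line, finding in audit_php_source(SAMPLE):
        print(f"line {line}: {finding}")
```

Calls flagged as `e-modifier` are candidates for rewriting with preg_replace_callback, as in the last sample line; calls flagged as `dynamic-pattern` need a review of where the pattern comes from.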