Summary
Expand security testing significantly - currently only 2 basic tests (escaping and nonces).
Current State
- Only 2 security tests exist
- No SQL injection prevention tests
- No input validation tests
- No capability check tests
Proposed Tests
Knowledge Tests
- Input sanitization function selection
- SQL injection prevention patterns
- XSS prevention contexts
- Capability hierarchy and checks
- Nonce lifecycle and verification
Execution Tests
- $wpdb->prepare() for SQL injection prevention
- Input validation with sanitize_*() functions
- wp_kses_*() for HTML sanitization
- Capability checks (current_user_can())
- File upload validation patterns
- AJAX handlers with proper nonce verification
Why This Matters
Security is critical. AI models generating insecure WordPress code is a significant risk. This suite would test security awareness.
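For reference, a sketch of a handler that combines several of the patterns the proposed execution tests target (nonce verification, capability checks, sanitize_*() and wp_kses_*() input handling, and $wpdb->prepare()). This is an added example, not part of the original issue or the project's test suite; the action name, nonce field, request fields and table name are hypothetical.

```php
<?php
/**
 * Plugin Name: Example Notes Saver (illustration only; all names hypothetical)
 */

// Registered only for logged-in users; there is deliberately no wp_ajax_nopriv_ hook.
add_action( 'wp_ajax_example_save_note', 'example_save_note' );

function example_save_note() {
    // Nonce verification: terminates the request if the nonce is missing or invalid.
    check_ajax_referer( 'example_save_note', 'nonce' );

    // Capability check: a valid nonce shows intent, it does not grant authorization.
    if ( ! current_user_can( 'edit_posts' ) ) {
        wp_send_json_error( array( 'message' => 'Forbidden' ), 403 );
    }

    // Input validation: unslash first, then choose the sanitizer by data type.
    $post_id = isset( $_POST['post_id'] ) ? absint( $_POST['post_id'] ) : 0;
    $title   = isset( $_POST['title'] ) ? sanitize_text_field( wp_unslash( $_POST['title'] ) ) : '';
    $body    = isset( $_POST['body'] ) ? wp_kses_post( wp_unslash( $_POST['body'] ) ) : '';

    if ( 0 === $post_id || '' === $title ) {
        wp_send_json_error( array( 'message' => 'Invalid input' ), 400 );
    }

    // Object-level check: the user must be allowed to edit this specific post.
    if ( ! current_user_can( 'edit_post', $post_id ) ) {
        wp_send_json_error( array( 'message' => 'Forbidden' ), 403 );
    }

    global $wpdb;
    $table = $wpdb->prefix . 'example_notes'; // hypothetical custom table

    // SQL injection prevention: request values reach SQL only through placeholders.
    $exists = $wpdb->get_var(
        $wpdb->prepare(
            "SELECT COUNT(*) FROM {$table} WHERE post_id = %d AND title = %s",
            $post_id,
            $title
        )
    );
    if ( $exists ) {
        wp_send_json_error( array( 'message' => 'Duplicate note' ), 409 );
    }

    // insert() binds values using the supplied formats, so no manual escaping is needed.
    $wpdb->insert(
        $table,
        array( 'post_id' => $post_id, 'title' => $title, 'body' => $body, 'user_id' => get_current_user_id() ),
        array( '%d', '%s', '%s', '%d' )
    );
    wp_send_json_success( array( 'id' => (int) $wpdb->insert_id ) );
}
```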