I need a WordPress security "expert" to help me fix some input items that I have added from the front end of a WordPress theme.
I have a WordPress theme and I have added some features that work from the front end:
1. I have added a "wpColorPicker" to the front end that enables users to easily change the post's background (but I don't know whether my performance will have some security issues or not, so I need someone to help me check my performance to improve/ensure the security, to prevent MySQL Injection, Xcross, ...).
2. I have added a "category switcher" that enables users to change/switch categories of a post from the front end => I am also not sure if my work is secure, and it needs to be checked by adding some nonce or technique to prevent Injection, crossing, ...
Please check the first image for the items I added (and that need security rework!) - image1
3. On the web, I have used a plugin named "Front end category manager" (that's a very simple 1-file plugin) that enables users to create a category from the front end, and it has an "input field" to create a new category => I also need to check this input field to ensure security (image 2)