php – Does adding a csv file to a wordpress plugin introduce security risks to the site?


I am currently working on an implementation reading data from a csv file from within a WordPress plugin. It was suggested the file be added within the plugin in an assets directory. I have concerns in doing this. In particular, I’m worried about security and whether this makes the site vulnerable to attacks.

That being said, I looked at the assets folder in the frontend on my local environment and was not able to see the csv file.

Does anyone know if adding a csv file directly to a plugin introduce security risks?