I am currently working on an implementation reading data from a csv file from within a WordPress plugin. It was suggested the file be added within the plugin in an assets directory. I have concerns in doing this. In particular, I’m worried about security and whether this makes the site vulnerable to attacks.
That being said, I looked at the assets folder in the frontend on my local environment and was not able to see the csv file.
Does anyone know if adding a csv file directly to a plugin introduce security risks?