• Resolved David Gewirtz

    (@dgewirtz)


    I just got a notice that my plugin “does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack.”

    This is on admin pages that use CMB2 to display and process settings. Do you have any advice about how to add CSRF checks for CMB2? Thanks!

    Are others experiencing this vulnerability?

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Contributor Michael Beckwith

    (@tw2113)

    The BenchPresser

    Hey David,

    Can you provide the configuration that you’re using for your integration between your plugin and CMB2?

    Also, just in case it helps, which plugin is in question, and if it’s a public repo, the GitHub URL would be useful in my mind.

    Trying to determine how things are being used here that would contribute to that reach out from the WordPress Plugin team.

    Plugin Author Justin Sternberg

    (@jtsternberg)

    What tool is outputting the admin notice about the CSRF warning?

  • The topic ‘Adding CSRF check?’ is closed to new replies.