Slots Fortune 777 legit.Enjoy Free 888+200 Daily Legal Bonus

Reply To: CSRF mitigation in wp-login.php

Jan Dembowski — Mon, 19 Mar 2018 14:16:24 +0000

Hi, how does WordPress mitigate CSRF-vulnerabilities in wp-login.php?

Can you explain that a little better?

Edit: I mean, have you found something that would indicate that’s true?

eivindsk — Tue, 20 Mar 2018 07:15:30 +0000

Edit: I mean, have you found something that would indicate that’s true?

I did a vulnerability scan, and it complained that the the login-form was missing a CSRF-token.

I couldn’t find any _wpnounce or csrftoken field in the form or header, and the tokens I found didn’t seem to be primarily used for CSRF mitigation.

Can you explain that a little better?

vivekshingala — Mon, 11 Jun 2018 09:18:19 +0000

Do we have any solution to prevent this on login page?

Reiner030 — Mon, 06 Aug 2018 23:20:27 +0000

Same problem is also complained by detectify and they offer this solution for it with examples:

sbagmeijer — Wed, 26 Sep 2018 05:35:40 +0000

Detectify is giving this warning for us also even in the latest version of WordPress.