Security Concerns (token manipulation, CSRF, MITM, etc?)
I need a professional opinion from the WordPress Developer community please:
I recently helped someone re-create their PHP membership site with WordPress.
It’s a standard setup with a Woo theme and the Wishlist Member plugin, but they said their Linux Systems Engineer had the following to say:
The entire website is vulnerable to session token manipulation and CSRF (cross-site request forgery) due to improper sanitization of stored session details once a client has logged in. I was able to create a complete copy of the website and members section. For someone with malicious intent, this data could be collected via an MITM (man-in-the-middle) attack and manipulated to run against the payment processor and possibly collect personal information from there as well.
I’m confused… is this all true??
We are using GoDaddy hosting, if that needs mentioning.