Title: Adding CSRF check?
Last modified: May 6, 2022

---

# Adding CSRF check?

 *  Resolved [David Gewirtz](https://wordpress.org/support/users/dgewirtz/)
 * (@dgewirtz)
 * [4 years, 1 month ago](https://wordpress.org/support/topic/adding-csrf-check/)
 * I just got a notice that my plugin “does not have CSRF check in place when updating
   its settings, which could allow attackers to make a logged in admin change them
   via a CSRF attack.”
 * This is on admin pages that use CMB2 to display and process settings. Do you 
   have any advice about hot to add CSRF checks for CMB2? Thanks!
 * Are others experiencing this vulnerability?

Viewing 2 replies - 1 through 2 (of 2 total)

 *  Plugin Contributor [Michael Beckwith](https://wordpress.org/support/users/tw2113/)
 * (@tw2113)
 * The BenchPresser
 * [4 years, 1 month ago](https://wordpress.org/support/topic/adding-csrf-check/#post-15623025)
 * hey David,
 * Can you provide the configuration that you’re using for your integration between
   your plugin and CMB2?
 * Also just in case it helps, which plugin it is in question, and if it’s a public
   repo, the Github url would be useful in my mind.
 * Trying to determine how things are being used here that would contribute to that
   reach out from the WordPress Plugin team.
 *  Plugin Author [Justin Sternberg](https://wordpress.org/support/users/jtsternberg/)
 * (@jtsternberg)
 * [4 years, 1 month ago](https://wordpress.org/support/topic/adding-csrf-check/#post-15623033)
 * What tool is outputting the admin notice about the CSRF warning?

Viewing 2 replies - 1 through 2 (of 2 total)

The topic ‘Adding CSRF check?’ is closed to new replies.

 * ![](https://ps.w.org/cmb2/assets/icon.svg?rev=2866672)
 * [CMB2](https://wordpress.org/plugins/cmb2/)
 * [Frequently Asked Questions](https://wordpress.org/plugins/cmb2/#faq)
 * [Support Threads](https://wordpress.org/support/plugin/cmb2/)
 * [Active Topics](https://wordpress.org/support/plugin/cmb2/active/)
 * [Unresolved Topics](https://wordpress.org/support/plugin/cmb2/unresolved/)
 * [Reviews](https://wordpress.org/support/plugin/cmb2/reviews/)

 * 2 replies
 * 3 participants
 * Last reply from: [Justin Sternberg](https://wordpress.org/support/users/jtsternberg/)
 * Last activity: [4 years, 1 month ago](https://wordpress.org/support/topic/adding-csrf-check/#post-15623033)
 * Status: resolved