Title: Check plugin security issue
Last modified: June 14, 2023

---

# Check plugin security issue

 *  Resolved [John Darrel](https://wordpress.org/support/users/johndarrel/)
 * (@johndarrel)
 * [2 years, 12 months ago](https://wordpress.org/support/topic/check-plugin-security-issue/)
 * Hi, I see the plugin is accessing the admin edit page with a nonce in the frontend
   for non-logged-in users, which could be a security issue.
 * `var tablesome_ajax_object = {"nonce":"xxxxxxxxx","ajax_url":"https:\/\/domain.com\/wp-admin\/admin-ajax.php","rest_nonce":"xxxxxxxxx","edit_table_url":"https:\/\/domain.com\/wp-admin\/edit.php?post_type=tablesome_cpt&action=edit&post=xx&page=tablesome_admin_page"`
 * Normally, you should use the WordPress REST API.

Viewing 1 replies (of 1 total)

 *  Plugin Author [Essekia](https://wordpress.org/support/users/essekia/)
 * (@essekia)
 * [2 years, 12 months ago](https://wordpress.org/support/topic/check-plugin-security-issue/#post-16817843)
 * Hello [@johndarrel](https://wordpress.org/support/users/johndarrel/),
   Thanks for bringing this up. The nonce used is just a general nonce to identify the
   user. This nonce is used for both logged-in and non-logged-in users.
 * The edit_table_url is just a property inside tablesome_ajax_object used in the frontend
   for redirection. This does not make use of the nonce.
   Will review this further.
   Also, please send any further security-related issues to support [@] pauple [dot] com.
   Regards.
    -  This reply was modified 2 years, 12 months ago by [Essekia](https://wordpress.org/support/users/essekia/).
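
As an added illustration of the point this thread turns on (not code from Tablesome or from either poster): a WordPress nonce is a CSRF token, not an authorization check, so when one is printed for logged-out visitors the server-side handlers have to decide who may do what. The script handle, action names, post type and function names below are hypothetical.

```php
<?php
// Added example: handle, action names, post type and functions are hypothetical.

// Front end: localize only what the current visitor can actually use.
add_action( 'wp_enqueue_scripts', function () {
    wp_enqueue_script( 'example-tables', plugins_url( 'tables.js', __FILE__ ), array(), '1.0', true );
    $data = array(
        'ajax_url' => admin_url( 'admin-ajax.php' ),
        'nonce'    => wp_create_nonce( 'example_table_read' ),
    );
    if ( current_user_can( 'edit_posts' ) ) {
        // The editing nonce and the admin link are printed for editors only.
        $data['edit_nonce']     = wp_create_nonce( 'example_table_update' );
        $data['edit_table_url'] = admin_url( 'edit.php?post_type=example_cpt' );
    }
    wp_localize_script( 'example-tables', 'example_ajax_object', $data );
} );

// Read-only action: open to anonymous visitors, returns published data only.
add_action( 'wp_ajax_example_table_read', 'example_table_read' );
add_action( 'wp_ajax_nopriv_example_table_read', 'example_table_read' );
function example_table_read() {
    check_ajax_referer( 'example_table_read', 'nonce' ); // CSRF check only.
    $table_id = absint( $_POST['table_id'] ?? 0 );
    $post     = $table_id ? get_post( $table_id ) : null;
    if ( ! $post || 'example_cpt' !== $post->post_type || 'publish' !== $post->post_status ) {
        wp_send_json_error( 'not_found', 404 );
    }
    wp_send_json_success( array( 'title' => get_the_title( $post ) ) );
}

// State-changing action: no nopriv hook, and a capability check after the nonce.
add_action( 'wp_ajax_example_table_update', 'example_table_update' );
function example_table_update() {
    check_ajax_referer( 'example_table_update', 'nonce' );
    $table_id = absint( $_POST['table_id'] ?? 0 );
    if ( ! $table_id || ! current_user_can( 'edit_post', $table_id ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }
    $title = sanitize_text_field( wp_unslash( $_POST['title'] ?? '' ) );
    wp_update_post( array( 'ID' => $table_id, 'post_title' => $title ) );
    wp_send_json_success();
}
```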


The topic ‘Check plugin security issue’ is closed to new replies.
