• Developed a website with a Flash theme. Added some plugins for newsletter subscription, a counter, etc. But on a security audit test, Cross-Site Request Forgery (CSRF) was reported in the pages edit.php, edit-tags.php, post-new.php, admin.php, themes.php and customize.php in the wp-admin folder. The security audit was done by ‘AppScan’.

Please help to resolve this issue and help me to find the root cause of the issue.

Was the CSRF issue caused by the installation of a plugin?

Can this issue be resolved using any plugins?

Tried a SameSite cookie plugin, but after activation of the plugin, I was unable to log in to the admin.

Thanks in advance.

Viewing 1 replies (of 1 total)
• Moderator bcworkz (@bcworkz)

There are hundreds of hooks plugins and themes can use to extend WP functionality. Any that involve processing user-submitted data could potentially introduce a CSRF vulnerability. Narrow down the source by reverting to default WP — a twenty* theme and no plugins. The security scan should now pass. Add back your modules, one at a time, checking after each. When the issue recurs, the last activated module is the cause.
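The reply above describes the mechanism in general terms: a plugin or theme hook that processes user-submitted data without an anti-CSRF token. The following is an added illustration, not code from this thread or from any plugin the poster installed; every function name prefixed `nl_example_`, the option name and the page slug are hypothetical. It contrasts the pattern a scanner such as AppScan reports (a POST handler with no nonce) with the standard WordPress pattern that passes: a form carrying `wp_nonce_field()` and a handler that calls `check_admin_referer()` plus a capability check.

```php
<?php
/*
 * Added example (not from the thread or any named plugin). Shows why a
 * plugin form handler produces a CSRF finding and how WordPress nonces
 * fix it. All nl_example_* names and the option key are hypothetical.
 */

// --- Vulnerable pattern (shown for contrast, deliberately NOT hooked). ---
// A handler like this on 'admin_init' runs on every wp-admin request, which
// is why a scanner can report the same weakness on edit.php, themes.php, etc.
// add_action( 'admin_init', 'nl_example_vulnerable_handler' );
function nl_example_vulnerable_handler() {
    if ( isset( $_POST['nl_example_email'] ) ) {
        // No nonce and no capability check: any POST that arrives with the
        // admin's session cookie is processed, including one a third-party
        // page submitted from the admin's browser.
        update_option( 'nl_example_list_owner', sanitize_email( wp_unslash( $_POST['nl_example_email'] ) ) );
    }
}

// --- Hardened pattern: nonce on the form, nonce + capability check in the handler. ---
add_action( 'admin_menu', 'nl_example_register_page' );
function nl_example_register_page() {
    add_options_page( 'Newsletter (example)', 'Newsletter (example)', 'manage_options', 'nl-example', 'nl_example_render_page' );
}

function nl_example_render_page() {
    $current = get_option( 'nl_example_list_owner', '' );
    ?>
    <div class="wrap">
        <h1>Newsletter (example)</h1>
        <?php if ( isset( $_GET['nl_example_saved'] ) ) : ?>
            <div class="notice notice-success"><p>Saved.</p></div>
        <?php endif; ?>
        <form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
            <input type="hidden" name="action" value="nl_example_save">
            <?php
            // Emits a hidden field bound to the current user and session and to
            // the action name; the same pair must be used in check_admin_referer().
            wp_nonce_field( 'nl_example_save', 'nl_example_nonce' );
            ?>
            <label>List owner e-mail
                <input type="email" name="nl_example_email" value="<?php echo esc_attr( $current ); ?>">
            </label>
            <?php submit_button( 'Save' ); ?>
        </form>
    </div>
    <?php
}

// admin_post_{action} only fires for logged-in users; the nonce check below
// is what stops a logged-in user's browser being driven by another site.
add_action( 'admin_post_nl_example_save', 'nl_example_hardened_handler' );
function nl_example_hardened_handler() {
    // Stops the request (wp_die) when the nonce is missing, expired, or was
    // issued for a different user or action, so a forged POST never reaches update_option().
    check_admin_referer( 'nl_example_save', 'nl_example_nonce' );

    // Authorization is separate from CSRF protection: a valid nonce held by a
    // low-privilege user must still not be able to change this setting.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions.', 403 );
    }

    $email = isset( $_POST['nl_example_email'] ) ? sanitize_email( wp_unslash( $_POST['nl_example_email'] ) ) : '';
    update_option( 'nl_example_list_owner', $email );

    wp_safe_redirect( add_query_arg( 'nl_example_saved', '1', admin_url( 'options-general.php?page=nl-example' ) ) );
    exit;
}
```

When auditing the plugins the moderator suggests re-enabling one at a time, the thing to look for is any code path that reads `$_POST` or `$_GET` and changes state without a `wp_verify_nonce()` / `check_admin_referer()` / `check_ajax_referer()` call on the way. Core's own admin pages already carry nonces, so a finding on many core pages at once usually points at a module that hooks every admin request (for example `admin_init`) rather than at core itself.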


The topic ‘CSRF on security audit’ is closed to new replies.