Title: CSRF Security Vulnerability!
Last modified: September 2, 2016

---

# CSRF Security Vulnerability!

 *  Resolved [jenseo](https://wordpress.org/support/users/jenseo/)
 * (@jenseo)
 * [9 years, 9 months ago](https://wordpress.org/support/topic/csrf-security-vulnerability/)
 * Hi,
    I just got an email from my host telling me there’s a CSRF vulnerability
   in the following file:
 * webappick-product-feed-for-woocommerce/includes/classes/template.php
 * Have uninstalled the plugin, which is a shame, since it did a very good job. 
   But of course we can’t use a plugin with vulnerabilities.

Viewing 5 replies - 1 through 5 (of 5 total)

 *  Plugin Author [WebAppick](https://wordpress.org/support/users/wahid0003/)
 * (@wahid0003)
 * [9 years, 9 months ago](https://wordpress.org/support/topic/csrf-security-vulnerability/#post-7722385)
 * Hi,
 * We have fixed the problem and released a new version. Thanks for reporting the
   problem to us.
 *  Thread Starter [jenseo](https://wordpress.org/support/users/jenseo/)
 * (@jenseo)
 * [9 years, 9 months ago](https://wordpress.org/support/topic/csrf-security-vulnerability/#post-7722513)
 * Thanks for solving it so fast!
 *  [whitefirdesign](https://wordpress.org/support/users/whitefirdesign/)
 * (@whitefirdesign)
 * [9 years, 9 months ago](https://wordpress.org/support/topic/csrf-security-vulnerability/#post-7738644)
 * In looking over the [changes made](https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=1488883%40webappick-product-feed-for-woocommerce&old=1484221%40webappick-product-feed-for-woocommerce&sfp_email=&sfph_mail=)
   in 1.5.24, there don’t appear to be any changes made related to cross-site request
   forgery (CSRF) protection. The only change looks like it is related to “Hex character
   encoding error for XML feed”. Are you sure the fix you intended to include was
   actually included in the new version?
 *  Plugin Author [WebAppick](https://wordpress.org/support/users/wahid0003/)
 * (@wahid0003)
 * [9 years, 9 months ago](https://wordpress.org/support/topic/csrf-security-vulnerability/#post-8117036)
 * Yes, we have removed the file `webappick-product-feed-for-woocommerce/includes/classes/template.php`.
    That file was not used after the version V1.5.15.
 *  [whitefirdesign](https://wordpress.org/support/users/whitefirdesign/)
 * (@whitefirdesign)
 * [9 years, 9 months ago](https://wordpress.org/support/topic/csrf-security-vulnerability/#post-8149791)
 * That file was still in the plugin as of 1.5.24, you only [removed it in 1.5.25](https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=1489268%40webappick-product-feed-for-woocommerce&old=1488883%40webappick-product-feed-for-woocommerce&sfp_email=&sfph_mail=),
   which was released after we asked our question and after you said it had been
   fixed, so the answer to the question would actually be “no”.
 * We have contacted you about a cross-site request forgery (CSRF) vulnerability
   we have found in the current version of the plugin.

The topic ‘CSRF Security Vulnerability!’ is closed to new replies.

## Tags

 * [csrf](https://wordpress.org/support/topic-tag/csrf/)

 * 5 replies
 * 3 participants
 * Last reply from: [whitefirdesign](https://wordpress.org/support/users/whitefirdesign/)
 * Last activity: [9 years, 9 months ago](https://wordpress.org/support/topic/csrf-security-vulnerability/#post-8149791)
 * Status: resolved