Title: [Plugin: Cross-linker] CSRF security issue?
Last modified: August 19, 2016

---

# [Plugin: Cross-linker] CSRF security issue?

 *  [Rene Schmidt](https://wordpress.org/support/users/rene-schmidt/)
 * (@rene-schmidt)
 * [15 years, 9 months ago](https://wordpress.org/support/topic/plugin-cross-linker-csrf-security-issue/)
 * Hello,
 * I think there is a small CSRF security issue in line 774:
 * if($_REQUEST[‘del_word’]!=”)
    { $del_me = $_REQUEST[‘del_word’]; $wpdb->query(“
   DELETE FROM $table_name WHERE id = ‘”.$del_me.”‘;”); $table_name_attrs = $wpdb-
   >prefix . $table_crosslink_attrb; $wpdb->query(“DELETE FROM $table_name_attrs
   WHERE id = ‘”.$del_me.”‘;”); }
 * An attacker could trick a logged in Cross-Linker user into deleting all hyperlinked
   words.
 * To fix, add
 * check_admin_referer();
 * before
 * $del_me = $_REQUEST[‘del_word’];
 * Have fun
    [http://www.reneschmidt.de/](http://www.reneschmidt.de/)
 * [http://wordpress.org/extend/plugins/cross-linker/](http://wordpress.org/extend/plugins/cross-linker/)

The topic ‘[Plugin: Cross-linker] CSRF security issue?’ is closed to new replies.

 * ![](https://s.w.org/plugins/geopattern-icon/cross-linker_000000.svg)
 * [Cross-Linker](https://wordpress.org/plugins/cross-linker/)
 * [Frequently Asked Questions](https://wordpress.org/plugins/cross-linker/#faq)
 * [Support Threads](https://wordpress.org/support/plugin/cross-linker/)
 * [Active Topics](https://wordpress.org/support/plugin/cross-linker/active/)
 * [Unresolved Topics](https://wordpress.org/support/plugin/cross-linker/unresolved/)
 * [Reviews](https://wordpress.org/support/plugin/cross-linker/reviews/)

## Tags

 * [csrf](https://wordpress.org/support/topic-tag/csrf/)

 * 0 replies
 * 1 participant
 * Last reply from: [Rene Schmidt](https://wordpress.org/support/users/rene-schmidt/)
 * Last activity: [15 years, 9 months ago](https://wordpress.org/support/topic/plugin-cross-linker-csrf-security-issue/)
 * Status: not resolved