Title: Security Issues
Last modified: July 29, 2023

---

# Security Issues

 *  Resolved [PTaubman](https://wordpress.org/support/users/ptaubman/)
 * (@ptaubman)
 * [2 years, 10 months ago](https://wordpress.org/support/topic/security-issues-55/)
 * It has been reported that there is a security issue with a Cross Site Request
   Forgery (CSRF) vulnerability.
 * Do you know when this will be patched? Thanks.

Viewing 15 replies - 1 through 15 (of 19 total)


 *  [nathair](https://wordpress.org/support/users/nathair/)
 * (@nathair)
 * [2 years, 10 months ago](https://wordpress.org/support/topic/security-issues-55/#post-16932796)
 * I had the same warning: WordPress Optimize Database after Deleting Revisions 
   plugin <= 5.0.110 – Cross Site Request Forgery (CSRF) vulnerability
 * Such a pity.
 *  Thread Starter [PTaubman](https://wordpress.org/support/users/ptaubman/)
 * (@ptaubman)
 * [2 years, 10 months ago](https://wordpress.org/support/topic/security-issues-55/#post-16933029)
 * The sad part is there is no word from the developer on this. I will look for 
   a replacement.
 *  [nathair](https://wordpress.org/support/users/nathair/)
 * (@nathair)
 * [2 years, 10 months ago](https://wordpress.org/support/topic/security-issues-55/#post-16933042)
 * Please notify when you have found a good replacement. I am on a pension now but
   still manage a couple of Community WordPress websites and this apparently abandoned
   plug-in came in very handy in keeping those databases tidy.
 * Thank you, 
   Yolanda aka nathair
 *  Plugin Contributor [cageehv](https://wordpress.org/support/users/cageehv/)
 * (@cageehv)
 * [2 years, 10 months ago](https://wordpress.org/support/topic/security-issues-55/#post-16933440)
 * Hey guys,
 * Does anyone have any ideas on how to fix this CSRF issue?
 * Thanks!
   Rolf
 *  [Autosoft B.V.](https://wordpress.org/support/users/autosoftbv/)
 * (@autosoftbv)
 * [2 years, 10 months ago](https://wordpress.org/support/topic/security-issues-55/#post-16937508)
 * The WP toolkit running on Plesk is also reporting the vulnerability.
   [@cageehv](https://wordpress.org/support/users/cageehv/)
   as far as I could find, these types of issues can be prevented by using “nonces”
   and validating, sanitizing and escaping your code where possible, [https://wpvip.com/2023/02/28/how-to-protect-against-csrf-attacks-with-wordpress-nonces/](https://wpvip.com/2023/02/28/how-to-protect-against-csrf-attacks-with-wordpress-nonces/)
 *  [giggles420](https://wordpress.org/support/users/gigglesslut420/)
 * (@gigglesslut420)
 * [2 years, 10 months ago](https://wordpress.org/support/topic/security-issues-55/#post-16938864)
 * This report from Wordfence may help:
   “This is due to missing or incorrect nonce
   validation on the ‘odb_start_manually’ function.” [https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/rvg-optimize-database/optimize-database-after-deleting-revisions-50110-cross-site-request-forgery-via-odb-start-manually](https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/rvg-optimize-database/optimize-database-after-deleting-revisions-50110-cross-site-request-forgery-via-odb-start-manually)
 *  [crzyhrse](https://wordpress.org/support/users/crzyhrse/)
 * (@crzyhrse)
 * [2 years, 10 months ago](https://wordpress.org/support/topic/security-issues-55/#post-16939391)
 * From Wordfence:
 * The Optimize Database after Deleting Revisions plugin for WordPress is vulnerable
   to Cross-Site Request Forgery in versions up to, and including, 5.0.110. This
   is due to missing or incorrect nonce validation on the ‘odb_start_manually’ function.
   This makes it possible for unauthenticated attackers to start the database optimization
   process via a forged request granted they can trick a site administrator into
   performing an action such as clicking on a link.
 *  [essjay88](https://wordpress.org/support/users/essjay88/)
 * (@essjay88)
 * [2 years, 10 months ago](https://wordpress.org/support/topic/security-issues-55/#post-16939710)
 * Same, Wordfence warnings for the 51 websites I use it on, I could cry. Such a
   useful plugin, I’d be interested if anyone finds something equivalent.
 *  Plugin Contributor [cageehv](https://wordpress.org/support/users/cageehv/)
 * (@cageehv)
 * [2 years, 10 months ago](https://wordpress.org/support/topic/security-issues-55/#post-16942836)
 * Hey all,
 * I think I fixed the CSRF issue!
 * Tomorrow I’ll send in the fixed version for a re-review.
 * Many thanks to you all for being supportive and all your suggestions and hints!
   Much appreciated!
 * Rolf
 *  [essjay88](https://wordpress.org/support/users/essjay88/)
 * (@essjay88)
 * [2 years, 10 months ago](https://wordpress.org/support/topic/security-issues-55/#post-16942856)
 * Great news! Thanks Rolf
 *  [Autosoft B.V.](https://wordpress.org/support/users/autosoftbv/)
 * (@autosoftbv)
 * [2 years, 10 months ago](https://wordpress.org/support/topic/security-issues-55/#post-16943397)
 * Nice one Rolf!
   Let’s hope this fixes things.
 *  [spiralofhope](https://wordpress.org/support/users/spiralofhope2/)
 * (@spiralofhope2)
 * [2 years, 10 months ago](https://wordpress.org/support/topic/security-issues-55/page/2/#post-16944249)
 * It’s good to hear from you [@cageehv](https://wordpress.org/support/users/cageehv/),
   thanks for working on it!
 *  [webby1973](https://wordpress.org/support/users/webby1973/)
 * (@webby1973)
 * [2 years, 10 months ago](https://wordpress.org/support/topic/security-issues-55/page/2/#post-16945015)
 * Thank you Rolf [@cageehv](https://wordpress.org/support/users/cageehv/) 
   I suggest
   that you contact Wordfence and others that reported the issue so they’ll know
   it’s fixed 🙂
 *  Plugin Contributor [cageehv](https://wordpress.org/support/users/cageehv/)
 * (@cageehv)
 * [2 years, 10 months ago](https://wordpress.org/support/topic/security-issues-55/page/2/#post-16945237)
 * Hey guys,
 * Good news: the updated version (5.1) has been approved after a re-review!
 * Thanks for your ongoing support!
 * Rolf
 *  [essjay88](https://wordpress.org/support/users/essjay88/)
 * (@essjay88)
 * [2 years, 10 months ago](https://wordpress.org/support/topic/security-issues-55/page/2/#post-16945295)
 * It really is appreciated Rolf, I’ve used your plugin for lots of clients over
   the years and I’d have no idea what could replace it! All the best (hat tip emoji)
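
The nonce check that the replies and the quoted Wordfence text refer to, shown as an added example that is not part of the thread and is not the plugin's own code. The `demo_*` functions, the `demo_optimize` action and the `demo_nonce` query argument are hypothetical names; the WordPress functions called are core APIs.

```php
<?php
/**
 * Plugin Name: Demo nonce-protected maintenance action (constructed example)
 */
defined( 'ABSPATH' ) || exit;

// Hypothetical action name; not taken from the plugin discussed in this thread.
const DEMO_ACTION = 'demo_optimize';

// Stand-in for the state-changing work (here it only records a timestamp).
function demo_run_optimization() {
    update_option( 'demo_last_run', time() );
}

// Build the "start" link. wp_nonce_url() appends a token tied to the
// action name and to the logged-in user's session.
function demo_start_link() {
    $url = wp_nonce_url(
        admin_url( 'admin-post.php?action=' . DEMO_ACTION ),
        DEMO_ACTION,   // nonce action
        'demo_nonce'   // query argument that carries the nonce
    );
    return '<a class="button" href="' . esc_url( $url ) . '">Start optimization</a>';
}

// Unprotected shape (not hooked): the work runs for any request the
// administrator's browser sends, whether or not the admin intended it.
function demo_handle_unprotected() {
    demo_run_optimization();
}

// Protected shape: capability check, then nonce verification, then the work.
function demo_handle_protected() {
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions.', '', array( 'response' => 403 ) );
    }
    // Stops the request with a 403 page when demo_nonce is missing,
    // expired, or was issued for another user or another action.
    check_admin_referer( DEMO_ACTION, 'demo_nonce' );

    demo_run_optimization();
    wp_safe_redirect( admin_url( 'tools.php' ) );
    exit;
}
add_action( 'admin_post_' . DEMO_ACTION, 'demo_handle_protected' );
```

A request to `admin-post.php?action=demo_optimize` without a valid `demo_nonce` ends at `check_admin_referer()` before `demo_run_optimization()` is reached.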


The topic ‘Security Issues’ is closed to new replies.

 * 24 replies
 * 10 participants
 * Last reply from: [nathair](https://wordpress.org/support/users/nathair/)
 * Last activity: [2 years, 9 months ago](https://wordpress.org/support/topic/security-issues-55/page/2/#post-17011639)
 * Status: resolved