Doesn't look secure - [WPCommentCleaner] Review | WordPress.org

danielfriesen
(@danielfriesen)

10 years, 5 months ago

This doesn’t appear to do any CSRF checks. I’m not sure it even does any permission checks at all.

I can easily see this making it possible for someone malicious to cause all the approved comments on a blog to be erased.

Viewing 1 replies (of 1 total)

Moderator Jan Dembowski
(@jdembowski)

Forum Moderator and Brute Squad

10 years, 5 months ago

Doesn’t “look” secure or can you provide examples or even sections of the code that actually is insecure?

If you can then don’t post them here. 😉 Instead please send the technical details to plugins [at] wordpress.org and they can decide on next steps if any.

Viewing 1 replies (of 1 total)

The topic ‘Doesn't look secure’ is closed to new replies.

In: Reviews
1 reply
2 participants
Last reply from: Jan Dembowski
Last activity: 10 years, 5 months ago