I've checked the code of your plugin a bit, and it appears it is not using any WordPress nonce security check at all.
A nonce field must be included in the form submission to prevent unauthorized submissions to the database.
Hi Maorb,
I'm curious to know more. Is there a fix for this?
The fix should be, of course, to re-write some of the plugin's code.
I won't recommend using this plugin on production sites; you can never know who can hack into your site through this security hole.
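As an added illustration of the nonce check discussed above (not part of the original thread and not the plugin's own code), here is how a guest submission form and its handler can create and verify a WordPress nonce. The `gp_*` function, field, action and shortcode names are hypothetical.

```php
<?php
// Hypothetical plugin code: every gp_* name is an assumption, not taken from the plugin discussed.

// Render the guest submission form with a nonce tied to one specific action.
function gp_render_form() {
    ob_start(); ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <input type="hidden" name="action" value="gp_submit_post">
        <?php wp_nonce_field( 'gp_submit_post', 'gp_nonce' ); ?>
        <input type="text" name="gp_title" required>
        <textarea name="gp_content" required></textarea>
        <button type="submit">Submit</button>
    </form>
    <?php
    return ob_get_clean();
}
add_shortcode( 'gp_guest_form', 'gp_render_form' );

// Handle the submission: reject anything without a valid nonce before touching the database.
function gp_handle_submission() {
    $nonce = isset( $_POST['gp_nonce'] ) ? sanitize_text_field( wp_unslash( $_POST['gp_nonce'] ) ) : '';
    if ( ! wp_verify_nonce( $nonce, 'gp_submit_post' ) ) {
        wp_die( 'Invalid or expired form token.', 'Forbidden', array( 'response' => 403 ) );
    }

    $title   = isset( $_POST['gp_title'] ) ? sanitize_text_field( wp_unslash( $_POST['gp_title'] ) ) : '';
    $content = isset( $_POST['gp_content'] ) ? wp_kses_post( wp_unslash( $_POST['gp_content'] ) ) : '';
    if ( '' === $title || '' === $content ) {
        wp_die( 'Title and content are required.', 'Bad Request', array( 'response' => 400 ) );
    }

    // Guest posts are held for moderation, never published directly.
    $post_id = wp_insert_post( wp_slash( array(
        'post_title'   => $title,
        'post_content' => $content,
        'post_status'  => 'pending',
        'post_type'    => 'post',
    ) ), true );

    if ( is_wp_error( $post_id ) ) {
        wp_die( 'Submission could not be saved.', 'Error', array( 'response' => 500 ) );
    }
    wp_safe_redirect( wp_get_referer() ? wp_get_referer() : home_url( '/' ) );
    exit;
}
add_action( 'admin_post_nopriv_gp_submit_post', 'gp_handle_submission' ); // logged-out guests
add_action( 'admin_post_gp_submit_post', 'gp_handle_submission' );        // logged-in users
```

For logged-out visitors WordPress derives the nonce from user ID 0, so every guest receives the same token within a time window. The check stops blind cross-site form posts, but guest submissions still need moderation and input sanitization as shown.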
Good to know, thanks. Uninstalled this plugin.
I like the idea of guest-submitted articles, but at the cost of my security.
Thx for highlighting this maorb.
I believe there is another plugin called
you can post 2
But that also has issues with security, in the sense that the guest can upload any type of file and HTML code they want @_@