User Submitted Posts
Security issue with this plugin (6 posts)

  1. maorb
    Member
    Posted 3 years ago #

    I've checked the code of your plugin a bit, and it appears it is not using any WordPress nonce security check at all.
    A nonce field must be included in the form submission to prevent unauthorized submissions to the database.

    http://wordpress.org/extend/plugins/user-submitted-posts/

  2. Moogle Stiltzkin
    Member
    Posted 3 years ago #

    Hi Maorb,

    I'm curious to know more. Is there a fix for this?

  3. maorb
    Member
    Posted 3 years ago #

    The fix should be, of course, to rewrite some of the plugin's code.
    I won't recommend using this plugin on production sites; you can never know who can hack into your site through this security hole.

  4. arni
    Member
    Posted 3 years ago #

    Good to know, thanks. Uninstalled this plugin.

  5. Moogle Stiltzkin
    Member
    Posted 3 years ago #

    I like the idea of guest-submitted articles, but at the cost of my security.

    Thx for highlighting this, maorb.

  6. Moogle Stiltzkin
    Member
    Posted 3 years ago #

    I believe there is another plugin called

    you can post 2

    But that also has issues with security, in the sense that the guest can upload any type of file and HTML coding they want @_@

Topic Closed

This topic has been closed to new replies.
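
The nonce check described in the first post of this thread, sketched as an added example; it is not code from the User Submitted Posts plugin or from any poster. The `gsd_` names, the shortcode and the field names are hypothetical; the WordPress functions are core APIs.

```php
<?php
/**
 * Plugin Name: Guest Submission Nonce Demo (hypothetical example plugin)
 */

// Hypothetical identifiers for this example only.
const GSD_ACTION = 'gsd_submit_post'; // nonce action string
const GSD_FIELD  = 'gsd_nonce';       // name of the hidden form field

// [gsd_form] shortcode: render the form with a hidden nonce field.
add_shortcode( 'gsd_form', function () {
    ob_start();
    ?>
    <form method="post">
        <?php wp_nonce_field( GSD_ACTION, GSD_FIELD ); ?>
        <input type="text" name="gsd_title" required>
        <textarea name="gsd_content" required></textarea>
        <button type="submit" name="gsd_submit" value="1">Submit</button>
    </form>
    <?php
    return ob_get_clean();
} );

// Handle the submission: verify the nonce before anything touches the database.
add_action( 'init', function () {
    if ( 'POST' !== ( $_SERVER['REQUEST_METHOD'] ?? '' ) || empty( $_POST['gsd_submit'] ) ) {
        return;
    }
    $nonce = sanitize_text_field( wp_unslash( $_POST[ GSD_FIELD ] ?? '' ) );
    if ( ! wp_verify_nonce( $nonce, GSD_ACTION ) ) {
        wp_die( 'Invalid or expired form token.', 'Forbidden', array( 'response' => 403 ) );
    }
    // Strip markup from the title; allow only post-safe HTML in the body.
    $title   = sanitize_text_field( wp_unslash( $_POST['gsd_title'] ?? '' ) );
    $content = wp_kses_post( wp_unslash( $_POST['gsd_content'] ?? '' ) );
    if ( '' === $title || '' === $content ) {
        wp_die( 'Title and content are required.', 'Bad Request', array( 'response' => 400 ) );
    }
    // Store as pending so a moderator reviews it before publication.
    wp_insert_post( wp_slash( array(
        'post_title'   => $title,
        'post_content' => $content,
        'post_status'  => 'pending',
        'post_type'    => 'post',
    ) ) );
} );
```

WordPress nonces are bound to the current user, so for logged-out visitors every guest receives the same token within a time window. The check ties a submission to a form the site actually served, but it does not replace moderation, rate limiting or spam filtering on a guest form.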
