Cross-site request forgery

  • Resolved granitm

    (@granitm)


    1 year, 4 months ago

    I had a vulnerability test and this came out

    The request appears to be vulnerable to cross-site request forgery (CSRF) attacks against authenticated users.

    The original request contains parameters that look like they may be anti-CSRF tokens. However the request is successful if these parameters are removed.

    It cames from the path: /wp-content/plugins/translatepress-multilingual/includes/trp-ajax.php

    • This topic was modified 1 year, 4 months ago by granitm.
Viewing 1 replies (of 1 total)
  • Plugin Author Cristian Antohe

    (@sareiodata)

    1 year, 4 months ago

    Hello,

    trp-ajax.php works for both logged in and non logged in users. It’s used to return a translation from the database if detected with javascript.

    It’s designed to work regardless of those parameter.

    Best Regards!

Viewing 1 replies (of 1 total)
  • The topic ‘Cross-site request forgery’ is closed to new replies.