CSRF protection issue | WordPress.org

Resolved Soma Basu
(@9748076617-1)

3 years, 5 months ago

I have added a MailChimp Embedded form on my company website. When I scan the website through Acunetix, I found a vulnerabilities issue ‘HTML form without CSRF protection’.

Alert: HTML form without CSRF protection
Description: Cross-Site Request Forgery (CSRF, or XSRF) is a vulnerability wherein an attacker tricks a victim into making a request the victim did not intend to make. Therefore, with CSRF, an attacker abuses the trust a web application has with a victim’s browser. Acunetix found an HTML form with no apparent anti-CSRF protection implemented. Consult the ‘Attack details’ section for more information about the affected HTML form.
Page URL: https://imerit.net/blog/

How can I fix the problem. Please help.

Viewing 2 replies - 1 through 2 (of 2 total)

ecommercedev
(@ecommercedev)

3 years, 5 months ago

I have the same problem. Please help!! It is urgent. My customers are complaining they cannot use sign up form !

Plugin Contributor Lap
(@lapzor)

3 years, 5 months ago

Our plugin does not have this issue. I assume you are using a MailChimp embedded form, instead of a form created with out plugin: MailChimp for WordPress.

https://kb.mc4wp.com/create-your-first-form/

Hope that helps. If you have any questions, please let me know!

Viewing 2 replies - 1 through 2 (of 2 total)

The topic ‘CSRF protection issue’ is closed to new replies.

In: Plugins
2 replies
3 participants
Last reply from: Lap
Last activity: 3 years, 5 months ago
Status: resolved