So, controlling the content of cookies can be a real concern.
This particular plugin doesn’t use the HttpOnly cookie headers, so it might be vulnerable to cookie theft – unless WordPress takes protective measures against code injection to comments. I do not know WordPress well enough to be sure.
Other vulnerabilities might exist, too, so I would really prefer to remove all references to answers from the cookies. Note, that on a poorly protected shared computer, this could become a problem too.
Viewing 1 replies (of 1 total)
The topic ‘Democracy 2 plugin privacy issue?’ is closed to new replies.