Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Author codepeople

    (@codepeople)

    Hello @andresgl,

    In general, the vulnerabilities described in the screenshots you sent me refer to the forms in the free version of the plugin (installed on your website). The free version of the plugin does not use nonce mechanisms to protect the forms, or captcha, or any other security method, because the free version of the plugin does not include any module for processing on the server side the data collected by the form (the data are not stored in the database or sent by email; they are not processed in any way by the server-side code). You can submit the form your own way if you want, but our plugin will not process the data. So, the vulnerabilities described in the screenshots provided do not apply to or affect our plugin.

    The other versions of our plugin, which include the modules for processing the forms on the server side, include nonces and captcha, and furthermore the plugin checks the values of fields on the server side and sanitizes them before storing them in the database.

    So, the cause of the vulnerability in your website should not be related to our plugin.

    Best regards.

    johannes68

    (@johannes68)

    You should analyze the server logs to see what happened in detail with HTTP requests, sessions, cookies. If you don't have access, ask your provider. If CSRF is possible, you may have more problems.
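
The log review suggested above, sketched as an added example that is not part of the thread's replies: it scans access-log lines for state-changing requests whose Referer is missing or names another host, which are the requests worth correlating with sessions when checking whether CSRF was involved. The "combined" log format, the host `www.example.com` and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Apache/nginx "combined" format (assumed):
# ip - user [time] "METHOD path proto" status size "referer" "agent"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)
STATE_CHANGING = {"POST", "PUT", "PATCH", "DELETE"}


def review_requests(lines, site_host):
    """Return (reason, fields) for state-changing requests whose Referer
    is missing or names a host other than site_host.

    A hit is a lead for manual review, not proof of CSRF: privacy tools
    and scripts also send requests without a Referer.
    """
    findings = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or m["method"] not in STATE_CHANGING:
            continue  # unparsable line or read-only request
        referer = m["referer"]
        if referer in ("", "-"):
            reason = "missing-referer"
        elif (urlsplit(referer).hostname or "").lower() != site_host.lower():
            reason = "cross-site-referer"
        else:
            continue  # form submitted from the site's own page
        findings.append((reason, m.groupdict()))
    return findings


# Constructed sample lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [12/Mar/2021:10:01:02 +0000] "GET /contact/ HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '192.0.2.10 - - [12/Mar/2021:10:01:40 +0000] "POST /contact/ HTTP/1.1" 200 5301 "https://www.example.com/contact/" "Mozilla/5.0"',
    '198.51.100.7 - - [12/Mar/2021:10:02:15 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 48 "https://other.example.net/page.html" "Mozilla/5.0"',
    '203.0.113.5 - - [12/Mar/2021:10:03:09 +0000] "POST /contact/ HTTP/1.1" 200 5301 "-" "curl/7.68.0"',
]

if __name__ == "__main__":
    for reason, req in review_requests(SAMPLE_LOG, "www.example.com"):
        print(reason, req["time"], req["ip"], req["method"], req["path"])
```

Access logs in this format do not record cookies or session identifiers, so each flagged request still has to be matched against application or session logs by time and client address.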

    Plugin Author codepeople

    (@codepeople)

    Hello @andresgl,

    If you prefer, you can contact me through my private website:

    https://cff.dwbooster.com/contact-us

    Best regards.

  • The topic ‘Insecure Plugin ?’ is closed to new replies.