User Submitted Posts
[resolved] Security issue with this plugin (6 posts)

  1. maorb
    Posted 4 years ago #

    I've checked the code of your plugin a bit, and it appears it is not using any WordPress nonce security check at all.
    A nonce field must be included in the form submission to prevent unauthorized submissions to the database.
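
Added example, not part of the original post and not the plugin's own code: a front-end submission form that emits a nonce field and a handler that rejects the request before any database write if the nonce does not verify. The `example_*` function, field and action names are hypothetical; the WordPress functions called are the standard core ones.

```php
<?php
// Hypothetical plugin code for illustration; names prefixed example_ are made up.
const EXAMPLE_NONCE_ACTION = 'example_guest_submit';
const EXAMPLE_NONCE_FIELD  = 'example_guest_nonce';

// Render the submission form with a hidden nonce field.
function example_guest_form() {
    ob_start(); ?>
    <form method="post">
        <?php wp_nonce_field( EXAMPLE_NONCE_ACTION, EXAMPLE_NONCE_FIELD ); ?>
        <input type="text" name="example_title" required>
        <textarea name="example_content" required></textarea>
        <button type="submit" name="example_submit" value="1">Submit</button>
    </form>
    <?php
    return ob_get_clean();
}
add_shortcode( 'example_guest_form', 'example_guest_form' );

// Handle the POST: refuse anything without a valid nonce before touching the database.
function example_guest_handle() {
    if ( empty( $_POST['example_submit'] ) ) {
        return; // Not our form.
    }
    $nonce = isset( $_POST[ EXAMPLE_NONCE_FIELD ] )
        ? sanitize_text_field( wp_unslash( $_POST[ EXAMPLE_NONCE_FIELD ] ) )
        : '';
    if ( ! wp_verify_nonce( $nonce, EXAMPLE_NONCE_ACTION ) ) {
        wp_die( 'Invalid or expired form token.', 'Submission rejected', array( 'response' => 403 ) );
    }
    // Strip tags from the title; allow only post-safe HTML in the body.
    $title   = sanitize_text_field( wp_unslash( $_POST['example_title'] ?? '' ) );
    $content = wp_kses_post( wp_unslash( $_POST['example_content'] ?? '' ) );
    if ( '' === $title || '' === $content ) {
        wp_die( 'Title and content are required.', 'Submission rejected', array( 'response' => 400 ) );
    }
    // Guest content is stored as pending so an editor reviews it before publication.
    wp_insert_post( array(
        'post_title'   => $title,
        'post_content' => $content,
        'post_status'  => 'pending',
        'post_type'    => 'post',
    ) );
}
add_action( 'init', 'example_guest_handle' );
```

For logged-out visitors WordPress computes the nonce with user ID 0, so every guest receives the same token during its lifetime. The check ties a submission to a form the site rendered; it is not a per-visitor secret and does not replace moderation or rate limiting.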


  2. Moogle Stiltzkin
    Posted 3 years ago #

    Hi Maorb,

    I'm curious to know more. Is there a fix for this?

  3. maorb
    Posted 3 years ago #

    The fix should be, of course, to rewrite some of the plugin's code.
    I won't recommend using this plugin on production sites; you can never know who can hack into your site through this security hole.

  4. arni
    Posted 3 years ago #

    Good to know, thanks. Uninstalled this plugin.

  5. Moogle Stiltzkin
    Posted 3 years ago #

    I like the idea of guest-submitted articles, but at the cost of my security.

    Thanks for highlighting this, maorb.

  6. Moogle Stiltzkin
    Posted 3 years ago #

    I believe there is another plugin called you can post 2.

    But that also has issues with security, in the sense that the guest can upload any type of file and HTML coding they want @_@

Topic Closed

This topic has been closed to new replies.
