I could not see any protection against
It is not hard, every submitted form needs to have a hidden secret field which is then checked. But without it WordPress is completely open to this.
(I could add it, but it needs to go into the core. Tested on every form.)
- The topic ‘Request Forgery Security’ is closed to new replies.