Cross-Site Request Forgery

  • Resolved Ahraf Ali

    (@ashrafalikarmali)


    6 months, 2 weeks ago

    Recently Wordfence found a vulnerability in the plugin,

    The My Wp Brand – Hide menu & Hide Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.3. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to perform an unauthorized action granted they can trick a site administrator into performing an action, such as clicking on a link.

    References

    How do we address this concern, please guide.

Viewing 1 replies (of 1 total)
  • Plugin Author imw3

    (@imw3)

    6 months ago

    Sorry for the delayed response. This issue was already resolved in version 1.1.3, which was reviewed and approved through the official WordPress process. I’ve personally re-checked the plugin and haven’t found any related CSRF concerns. If anything new comes up, I’ll address it right away, but as of now the latest version is secure.

    Thanks for your concern and support.

Viewing 1 replies (of 1 total)

The topic ‘Cross-Site Request Forgery’ is closed to new replies.

  • 1 reply
  • 2 participants
  • Last reply from: imw3
  • Last activity: 6 months ago
  • Status: resolved