Multi Vendor Marketplace Plugin | WCFM Marketplace › Forums › WCFM – Marketplace (WooCommerce Multivendor Marketplace) › Cross site scripting (XSS) and Cross-site Request Forgery (CSRF)
- This topic has 3 replies, 2 voices, and was last updated 5 years, 4 months ago by WCFM Forum.
- AuthorPosts
- July 24, 2019 at 7:14 pm #73764inspireParticipant
Dear guys,
Please tell me, are the market place and the plugins safe in case someone wants to insert via comments, or any other input in any field code for Cross site scripting (XSS) and Cross-site Request Forgery (CSRF)?Thanks!
Alexandru
- July 29, 2019 at 11:56 am #74351WCFM ForumMember
HI,
People may insert such things using WP default comment box as well.
Thank You
- July 30, 2019 at 6:38 am #74488inspireParticipant
Dear Guys,
This is not good, anyone who uses this marketplace can loose data. With Cross site scripting (XSS) and Cross-site Request Forgery (CSRF) is very easy to stole data.
I guess is not difficult to block this kind of code, but it should by blocked by you, it is better to by in the plugins not in the child theme.It must be blocked everywhere – vendor input fields, customer input field.
Am I right?
Thanks!
Alexandru - August 3, 2019 at 5:40 am #74928WCFM ForumMember
Hi,
Well, this is not possible using WCFM. WCFM always filter/parse all input data.
But this is possible using default WordPress comment form. You may use some spam filter plugin for comments.
Thank You
- AuthorPosts
- You must be logged in to reply to this topic.