Cross site scripting (XSS) and Cross-site Request Forgery (CSRF)

We're shifting our Forum based support to a more dedicated support system!

We'll be closing our Forum support from 10th June, 2020 and move to Email Support assistance.

If you are a WCFM premium add-ons user, contact us- here
Want to know more before buying our add-ons? Send Pre sale queries- here
If you are a WCFM free user, please open a support ticket at WordPress.org
For WCFM App related queries, reach us- here

From now the forum will be read-only!

Tagged: CSRF, XSS

This topic has 3 replies, 2 voices, and was last updated 5 years, 3 months ago by WCFM Forum.

Viewing 3 reply threads

Author
Posts
- July 24, 2019 at 7:14 pm #73764
  inspire
  Participant
  Dear guys,
  Please tell me, are the market place and the plugins safe in case someone wants to insert via comments, or any other input in any field code for Cross site scripting (XSS) and Cross-site Request Forgery (CSRF)?
  Thanks!
  Alexandru
- July 29, 2019 at 11:56 am #74351
  WCFM Forum
  Member
  HI,
  People may insert such things using WP default comment box as well.
  Thank You
- July 30, 2019 at 6:38 am #74488
  inspire
  Participant
  Dear Guys,
  This is not good, anyone who uses this marketplace can loose data. With Cross site scripting (XSS) and Cross-site Request Forgery (CSRF) is very easy to stole data.
  I guess is not difficult to block this kind of code, but it should by blocked by you, it is better to by in the plugins not in the child theme.
  It must be blocked everywhere – vendor input fields, customer input field.
  Am I right?
  Thanks!
  Alexandru
- August 3, 2019 at 5:40 am #74928
  WCFM Forum
  Member
  Hi,
  Well, this is not possible using WCFM. WCFM always filter/parse all input data.
  But this is possible using default WordPress comment form. You may use some spam filter plugin for comments.
  Thank You
Author
Posts

Viewing 3 reply threads

You must be logged in to reply to this topic.