Multi Vendor Marketplace Plugin | WCFM Marketplace › Forums › WCFM – Marketplace (WooCommerce Multivendor Marketplace) › Cross site scripting (XSS) and Cross-site Request Forgery (CSRF)
- July 24, 2019 at 7:14 pm #73764inspireParticipant
Please tell me, are the market place and the plugins safe in case someone wants to insert via comments, or any other input in any field code for Cross site scripting (XSS) and Cross-site Request Forgery (CSRF)?
- July 29, 2019 at 11:56 am #74351WCFM ForumKeymaster
People may insert such things using WP default comment box as well.
- July 30, 2019 at 6:38 am #74488inspireParticipant
This is not good, anyone who uses this marketplace can loose data. With Cross site scripting (XSS) and Cross-site Request Forgery (CSRF) is very easy to stole data.
I guess is not difficult to block this kind of code, but it should by blocked by you, it is better to by in the plugins not in the child theme.
It must be blocked everywhere – vendor input fields, customer input field.
Am I right?
- August 3, 2019 at 5:40 am #74928WCFM ForumKeymaster
Well, this is not possible using WCFM. WCFM always filter/parse all input data.
But this is possible using default WordPress comment form. You may use some spam filter plugin for comments.
- You must be logged in to reply to this topic.