9
2013
How to prevent CSRF vulnerability in WordPress plugins and themes
Recently the folks at Secunia contacted me regarding a vulnerability in my plugin Contextual Related Posts. Contextual Related Posts is a powerful plugin for WordPress that allows you to display a list of related posts on your website and in your feed. The plugin comes with a tonne of options and inbuilt caching that can possibly increase user retention. This vulnerability was on the settings page of the plugin and opened up the blog to a potential cross-site request forgery (CSRF). The application allows users to perform certain actions via HTTP requests without performing proper validity checks to verify…
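To make the settings-page problem concrete, here is an added example (not code from Contextual Related Posts or any real plugin) of a hypothetical plugin option handler in its CSRF-prone form next to the hardened form that WordPress nonces and capability checks give you; all `crp_demo_*` names are invented for the illustration.

```php
<?php
// Added example, not the Contextual Related Posts plugin's own code: a
// hypothetical "crp_demo" settings page shown in its CSRF-prone form and in
// the hardened form using WordPress nonces and capability checks.

// VULNERABLE: any POST that reaches this handler is trusted. A logged-in admin
// who visits a third-party page that auto-submits this form changes the option.
function crp_demo_save_settings_vulnerable() {
    if ( isset( $_POST['crp_demo_limit'] ) ) {
        update_option( 'crp_demo_limit', intval( $_POST['crp_demo_limit'] ) );
    }
}

// HARDENED: require the right capability and a valid nonce tied to this action.
function crp_demo_save_settings_safe() {
    if ( ! isset( $_POST['crp_demo_limit'] ) ) {
        return;
    }
    // 1. Only users allowed to manage options may change them.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( esc_html__( 'Insufficient permissions.', 'crp-demo' ) );
    }
    // 2. The nonce proves the request came from our own form rendered for this
    //    user; a forged cross-site request cannot know it. On failure
    //    check_admin_referer() calls wp_die() itself.
    check_admin_referer( 'crp_demo_save_settings', 'crp_demo_nonce' );
    // 3. Validate and sanitise before storing.
    $limit = max( 1, min( 50, intval( $_POST['crp_demo_limit'] ) ) );
    update_option( 'crp_demo_limit', $limit );
}

// The settings form must emit the matching nonce field; the action and field
// names must match the ones checked above.
function crp_demo_settings_page() {
    crp_demo_save_settings_safe();
    $limit = (int) get_option( 'crp_demo_limit', 5 );
    ?>
    <form method="post" action="">
        <?php wp_nonce_field( 'crp_demo_save_settings', 'crp_demo_nonce' ); ?>
        <label>Related posts to show:
            <input type="number" name="crp_demo_limit" value="<?php echo esc_attr( $limit ); ?>" />
        </label>
        <?php submit_button(); ?>
    </form>
    <?php
}
add_action( 'admin_menu', function () {
    add_options_page( 'CRP Demo', 'CRP Demo', 'manage_options', 'crp-demo', 'crp_demo_settings_page' );
} );
```

The vulnerable handler is shown only for contrast and is never hooked; the hardened handler rejects any request that lacks the per-user nonce, which is exactly what a cross-site form submission cannot supply.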