WordPress Plugins

Launching Popular Authors WordPress plugin

I’m happy to announce the launch of a new WordPress plugin. Popular Authors is an add-on for Top 10 and allows you to display the…

Add to All - Content Options

How to Add Text before Post Content in WordPress

The benefit of using WordPress to power your blog is that you don’t need to edit any PHP files and can use thousands of ready-made themes available for free. If you’re like me, you’d rather stay away from major editing of the theme files and use the right assortment of plugins to get the job done. If you’re looking to add text before post content in WordPress, you can either edit your theme files or check out Add to All, a plugin I released a while back.

WordPress

How to prevent CSRF vulnerability in WordPress plugins and themes

Recently the folks at Secunia contacted me regarding a vulnerability in my plugin Contextual Related Posts.

Contextual Related Posts is a powerful plugin for WordPress that allows you to display a list of related posts on your website and in your feed. The plugin comes with a tonne of options and inbuilt caching that can possibly increase user retention.

This vulnerability was on the settings page of the plugin and opened up the blog to a potential cross-site request forgery (CSRF):

The application allows users to perform certain actions via HTTP requests without performing proper validity checks to verify the requests. This can be exploited to change plugin settings and e.g. insert malicious script to pages or posts when a logged-in administrator visits a specially crafted web page.

Since then, I’ve been scouring the web for material on this, and you might also want to take a look at this article on Crunchify for a solution. In this post, I’ll tell you what I did to fix the vulnerability. But first, let’s understand what CSRF is.
