BuddyDev

[Resolved] Cross Site Request Forgery (CSRF/XSRF) issues with BuddyPress

  • Participant
    Level: Enlightened
    Posts: 34
    Milan Latinovic on #27626

    Hi everyone,

    Recently, we ran a security test against our web site, which resulted in several findings.
    Most of them we were able to handle, but the remaining one was "Cross Site Request Forgery (CSRF/XSRF)", which affects this form:

    <form action="" name="activity-loop-form" id="activity-loop-form" method="post"><input type="hidden" id="_wpnonce_activity_filter" name="_wpnonce_activity_filter" value="d7473599b3"><input type="hidden" name="_wp_http_referer" value="/members/matthewdew/"></form>

    When we look at the provided HTML, it looks like there is a wpnonce (number used only once) for the activity filter (so this should not be a CSRF problem), but it is still reported by our security scan.

    On our web site we are using BuddyPress and premium MediaPress (if it might be related).

    Do you have any experiences with these issues?
    What would be a good way to handle it?
    Is there some setting where we can enable this validation?

    Kind regards,
    Milan
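The hidden `_wpnonce_activity_filter` field in that form is the CSRF token; what matters is that the server refuses any POST whose nonce does not verify. The following is an added example, not BuddyPress or WordPress code: it mirrors the shape of WordPress's nonce scheme (an HMAC over the current 12-hour tick, the action name, the user id and the login session token, with the current and the previous tick both accepted) and shows a handler for this form rejecting a cross-site submission that lacks a valid nonce. The action name `activity_filter`, the secret key, the user id and the session token are assumptions made for the example.

```python
import hashlib
import hmac
import time

# Constructed secret for this example only. WordPress derives its nonce key
# from the salts in wp-config.php; a real deployment never hard-codes one.
SECRET_KEY = b"example-only-secret-key"

# WordPress nonces live for 24 hours, split into two 12-hour "ticks".
TICK_SECONDS = 12 * 60 * 60


def nonce_tick(now=None):
    """Current tick: ceiling of time / TICK_SECONDS (same idea as wp_nonce_tick)."""
    now = time.time() if now is None else now
    return -(-int(now) // TICK_SECONDS)  # ceiling division


def _hash_nonce(tick, action, user_id, session_token):
    msg = f"{tick}|{action}|{user_id}|{session_token}".encode()
    digest = hmac.new(SECRET_KEY, msg, hashlib.sha256).hexdigest()
    # 10 hex characters, like the "d7473599b3" value seen in the form above.
    return digest[-12:-2]


def create_nonce(action, user_id, session_token, now=None):
    """Nonce bound to an action, a user and that user's login session."""
    return _hash_nonce(nonce_tick(now), action, user_id, session_token)


def verify_nonce(nonce, action, user_id, session_token, now=None):
    """Return 2 for a nonce from the current tick, 1 for the previous tick,
    False otherwise (the same return convention as wp_verify_nonce)."""
    tick = nonce_tick(now)
    for age, t in ((2, tick), (1, tick - 1)):
        expected = _hash_nonce(t, action, user_id, session_token)
        if hmac.compare_digest(expected, nonce):
            return age
    return False


def handle_activity_filter(post_fields, user_id, session_token, now=None):
    """Server-side handling of the activity-loop form.

    `post_fields` is the submitted POST body as a dict; `user_id` and
    `session_token` come from the logged-in user's cookie, not from the form.
    Returns (http_status, reason). Assumed action name: 'activity_filter'.
    """
    nonce = post_fields.get("_wpnonce_activity_filter", "")
    if not verify_nonce(nonce, "activity_filter", user_id, session_token, now):
        return 403, "nonce check failed"
    return 200, "filter applied"


def demo():
    """Legitimate submission vs. a cross-site forgery, at a fixed clock."""
    now = 1_700_000_000          # constructed timestamp
    user_id, token = 7, "sess-abc"  # constructed identity

    # Page render: the site embeds a nonce for this user/session in the form.
    form_nonce = create_nonce("activity_filter", user_id, token, now)
    legit = handle_activity_filter(
        {"_wpnonce_activity_filter": form_nonce,
         "_wp_http_referer": "/members/matthewdew/"},
        user_id, token, now)

    # Cross-site POST: the browser sends the victim's cookies, but another
    # origin cannot read the victim's page, so it cannot supply the nonce.
    forged = handle_activity_filter(
        {"_wp_http_referer": "/members/matthewdew/"}, user_id, token, now)
    return legit, forged


if __name__ == "__main__":
    print(demo())  # ((200, 'filter applied'), (403, 'nonce check failed'))
```

A scanner that only recognises fields literally named `csrf_token` or similar may still flag this form; the check that settles the question is the one `demo()` performs: the same request without the nonce, or with a nonce minted for a different user or session, must be refused.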

  • Keymaster
    (BuddyDev Team)
    Posts: 24190
    Brajesh Singh on #27629

    Hi Milan,
    This is a false positive. Please contact the scan software company and ask them what the potential threat is here.

    Regards
    Brajesh

  • Participant
    Level: Enlightened
    Posts: 34
    Milan Latinovic on #27642

    Hi Brajesh,

    Agree, it is most likely false positive.
    We used Detectify for the security scan. I have sent them a question about whether this could be a false positive and, if not, what the actual threat is.

    I will mark this ticket as resolved (since no action is required from our side).
    If I get any meaningful response from Detectify I will update this post.

    Kind regards,
    Milan

  • Keymaster
    (BuddyDev Team)
    Posts: 24190
    Brajesh Singh on #27647

    Hi Milan,
    Thank you. I look forward to seeing whether they provide any specific details.

    Regards
    Brajesh

This topic is: resolved