Recently, we ran a security test against our web site which resulted in several items.
Most of them we were able to handle, but the remaining one was “Cross Site Request Forgery (CSRF/XSRF)”, which is affecting this form:
<form action="" name="activity-loop-form" id="activity-loop-form" method="post">
    <input type="hidden" id="_wpnonce_activity_filter" name="_wpnonce_activity_filter" value="d7473599b3">
    <input type="hidden" name="_wp_http_referer" value="/members/matthewdew/">
</form>
When we look at the provided HTML, it looks like there is a wpnonce (number used only once) for the activity filter (so this should not be a CSRF problem), but it is still reported by our security scan.
On our web site we are using BuddyPress and the premium MediaPress (in case it is related).
Do you have any experiences with these issues?
What would be a good way to handle it?
Is there some setting where we can enable this validation?
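A black-box scanner sees the hidden `_wpnonce_activity_filter` field but cannot see whether the handler verifies it, which is why a form with a nonce can still be flagged. The following is an added model (not WordPress or BuddyPress code) of how a WordPress-style nonce is minted and checked server-side, so the validation that matters is visible; the action name `activity_filter`, the key, and the handler name are assumptions.

```python
import hashlib
import hmac
import math
import time

# Constructed stand-in for the site's NONCE_KEY/NONCE_SALT (assumption, not a real secret).
NONCE_KEY = b"constructed-demo-key-not-a-real-secret"
NONCE_LIFE = 24 * 60 * 60  # WordPress default nonce lifetime: one day
ACTION = "activity_filter"  # assumed action bound to _wpnonce_activity_filter


def nonce_tick(now=None):
    """Half-life tick, as in wp_nonce_tick(): ceil(time / (life / 2))."""
    now = time.time() if now is None else now
    return math.ceil(now / (NONCE_LIFE / 2))


def _nonce_for_tick(tick, action, user_id, session_token):
    """HMAC-MD5 over tick|action|uid|token, keeping 10 hex chars (substr(hash, -12, 10))."""
    msg = f"{tick}|{action}|{user_id}|{session_token}".encode()
    return hmac.new(NONCE_KEY, msg, hashlib.md5).hexdigest()[-12:-2]


def create_nonce(action, user_id, session_token, now=None):
    """Model of wp_create_nonce(): the value that ends up in the hidden form field."""
    return _nonce_for_tick(nonce_tick(now), action, user_id, session_token)


def verify_nonce(nonce, action, user_id, session_token, now=None):
    """Model of wp_verify_nonce(): 1 if minted in the current tick, 2 if in the
    previous tick, False otherwise. The nonce is bound to the user and session,
    so a value lifted from another session does not verify."""
    if not nonce:
        return False
    tick = nonce_tick(now)
    for age, t in ((1, tick), (2, tick - 1)):
        expected = _nonce_for_tick(t, action, user_id, session_token)
        if hmac.compare_digest(nonce, expected):  # constant-time comparison
            return age
    return False


def handle_activity_filter(post, user_id, session_token, now=None):
    """Hypothetical handler for the form on the page: the hidden field only
    protects against CSRF because this check runs before any state change."""
    if not verify_nonce(post.get("_wpnonce_activity_filter", ""), ACTION,
                        user_id, session_token, now):
        return 403  # reject the cross-site or stale submission
    return 200
```

On a real site the equivalent check is whether the form's handler calls `wp_verify_nonce` (or `check_admin_referer`) for that field; if it does, the scanner finding is a false positive.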
Agree, it is most likely a false positive.
We used Detectify for the security scan. I have sent them a question about whether this could be a false positive and, if not, what the actual threat is.
I will mark this ticket as resolved (since no action is required from our side).
If I get any meaningful response from Detectify I will update this post.