Wordpress apps: authLdap plugin Cross-Site Request Forgery
-
There is a new version with one of two issues patched
-
@imc67 said in Wordpress apps: authLdap plugin Cross-Site Request Forgery:
There is a new version with one of two issues patched
And I note that the other issue "only impacts multi-site installations and installations where unfiltered_html has been disabled."
Also from that page, it sounds like only people who are already logged-in Admins and above could take advantage of it:
"makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
So if you trust your Admins it doesn't really seem to be an issue (in my case this is normally only me and I both trust myself and don't have the tech skills to take advantage of this potential exploit), hence why the author of the authLDAP plugin doesn't seem too bothered by it.