Vulnerability found...
 
Notifications
Clear all

[Solved] Vulnerability found in 2.2.7

5 Posts
3 Users
1 Reactions
538 Views
Posts: 29
Topic starter
(@jasper)
Eminent Member
Joined: 1 year ago

Hi

Defender Pro security plugin is continually picking this up over the last few updates:

#WordPress wpForo plugin <= 2.2.7 - Cross Site Request Forgery (CSRF) on Sign-out vulnerability
-Vulnerability type: Cross Site Request Forgery (CSRF)

 

Anything to worry about?

4 Replies
dimalifragis
Posts: 2611
(@dimalifragis)
Famed Member
Joined: 5 years ago

Real issue or not, if you have

Ninja Fireall for Wordpress, correctly configured

https://wordpress.org/plugins/ninjafirewall/

there is nothing to worry about. BE PROACTIVE.

1 Reply
(@jasper)
Joined: 1 year ago

Eminent Member
Posts: 29

@dimalifragis 

I have server-side WAF as well as the Defender Pro firewall. 

I think another might be overkill!

Robert
Posts: 10590
Admin
(@robert)
Support Team
Joined: 9 years ago

@jasper,

This is a false positive report. This issue has been fixed in 2.2.3 version, however the problem report don't response to our emails and don't remove it. So this is a outdated wrong information.

1 Reply
(@jasper)
Joined: 1 year ago

Eminent Member
Posts: 29

@robert 

Thanks. 

I'll hit 'ignore' on the next scan.