Notifications

Clear all

[Solved] Vulnerability found in 2.2.7

Bug Reports

Last Post by Jasper 8 months ago

5 Posts

3 Users

1 Reactions

386 Views

RSS

Posts: 29

Jasper

Topic starter

Dec 06, 2023 3:26 pm

(@jasper)

Eminent Member

Joined: 1 year ago

Defender Pro security plugin is continually picking this up over the last few updates:

#WordPress wpForo plugin <= 2.2.7 - Cross Site Request Forgery (CSRF) on Sign-out vulnerability
-Vulnerability type: Cross Site Request Forgery (CSRF)

Anything to worry about?

Topic Tags

security csrf vulnerability

4 Replies

Posts: 2615

dimalifragis

Dec 06, 2023 3:51 pm

(@dimalifragis)

Famed Member

Joined: 4 years ago

Real issue or not, if you have

Ninja Fireall for Wordpress, correctly configured

https://wordpress.org/plugins/ninjafirewall/

there is nothing to worry about. BE PROACTIVE.

1 Reply

Jasper

(@jasper)

Joined: 1 year ago

Eminent Member

Posts: 29

Dec 06, 2023 3:56 pm

Reply to

dimalifragis

@dimalifragis

I have server-side WAF as well as the Defender Pro firewall.

I think another might be overkill!

Posts: 10549

Robert

Admin

Dec 06, 2023 5:20 pm

(@robert)

Support Team

Joined: 8 years ago

@jasper,

This is a false positive report. This issue has been fixed in 2.2.3 version, however the problem report don't response to our emails and don't remove it. So this is a outdated wrong information.

In case you want to say thank you !)
We'd really appreciate and be thankful if you leave a good review on plugin page. This is the best way to say thank you to this project and support team.