[wp-trac] [WordPress Trac] #53966: CSFR attack possible via plugin
WordPress Trac
noreply at wordpress.org
Fri Aug 20 10:01:03 UTC 2021
#53966: CSFR attack possible via plugin
----------------------------------------------+----------------------------
Reporter: jamieplexus | Owner: (none)
Type: defect (bug) | Status: assigned
Priority: normal | Milestone: Awaiting
| Review
Component: General | Version: 5.8
Severity: normal | Keywords: has-patch
Focuses: administration, coding-standards |
----------------------------------------------+----------------------------
There has been a CSFR plugin identified in the OptionTree plugin. You can
see where this has been reported in the Github for the plugin almost a
year ago; https://github.com/valendesigns/option-tree/pull/731
There is also a bug now causing an error when you upgrade to PHP 7.4, you
can see it reported here; https://github.com/valendesigns/option-
tree/pull/723
These need to be fixed or have the plugin pulled.
Cheers,
Jamie
--
Ticket URL: <https://core.trac.wordpress.org/ticket/53966>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list