[wp-trac] [WordPress Trac] #56475: Nonce not verify
WordPress Trac
noreply at wordpress.org
Fri Sep 2 15:54:29 UTC 2022
#56475: Nonce not verify
--------------------------+-------------------------------
 Reporter:  hiren1094     |       Owner:  (none)
     Type:  defect (bug)  |      Status:  new
 Priority:  normal        |   Milestone:  6.1
Component:  Security      |     Version:  6.0
 Severity:  normal        |  Resolution:
 Keywords:  has-patch     |     Focuses:  coding-standards
--------------------------+-------------------------------
Comment (by SergeyBiryukov):
Hi there, welcome to WordPress Trac! Thanks for the ticket and the patch.
It is my understanding that nonces are generally used to protect against
[https://developer.wordpress.org/themes/theme-security/common-vulnerabilities/#cross-site-request-forgery-csrf Cross-Site Request Forgery (CSRF)],
i.e. to prevent an authenticated user from being tricked into performing
an unwanted action.
Just to clarify, since there is no user account on WordPress installation
yet, what exactly would we protect against by adding and verifying a nonce
there?
--
Ticket URL: <https://core.trac.wordpress.org/ticket/56475#comment:6>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform