Better Know a Vulnerability: Cross Site Request Forgery (CSRF)

One of the easier to understand vulnerabilities is the CSRF. It’s also one of the most common issues we see in plugins and themes, because people rarely think about it. Imagine that I have a form that takes input, like so: Now, that’s a simple form (and missing a submit button to boot), but you […]

Better Know a Vulnerability: SQL Injection

We get a lot of submissions to the WordPress.org plugin repository, and so there is often a lot of dangerous code submitted. Usually this isn’t malicious, it’s just by people who honestly don’t know that their code has problems. Understanding those problems is the first step to fixing them. So here’s one common vulnerability we […]