
WordPress fix Reply To: CSRF mitigation in wp-login.php

Discussion in 'Misc WordPress Requests' started by eivindsk, Mar 20, 2018.

  1. eivindsk



    Edit: I mean, have you found something that would indicate that’s true?

    I did a vulnerability scan, and it complained that the login-form was missing a CSRF-token.

    I couldn’t find any _wpnounce or csrftoken field in the form or header, and the tokens I found didn’t seem to be primarily used for CSRF mitigation.

    Can you explain that a little better?

    CSRF is explained here: https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)_Prevention_Cheat_Sheet
