Monday, 1 October 2018

WordPress CSRF Exploit Draft Status

How can I best secure WP against a CSRF exploit when creating a new post draft?

If I add a new post and save as draft, I can intercept the request using Burp Suite.

Using the engagement tool in Burp Suite, I can change the value of the post title and paste the URL back into the browser, which creates a new draft with the changed post title.

How can I secure against this?

Cheers


