CSRF Protection (Ajax Search Pro for WordPress Support forum)
September 15, 2020 at 11:43 pm #29383
cofece07 (Participant)

Hi.
We have the Ajax Search Pro plugin for WordPress. I'm trying to implement a NONCE key inside every search form. I'm using "wp_nonce_field" inside the "asp.shortcode.settings.php" file, and validating the NONCE inside the "ajax_search.php" file.
Validation works fine: if the NONCE value is wrong, "wp_verify_nonce" detects this, and at this point I need to end (or exit, or terminate) the execution, because I do not want to execute the query (jquery.ajaxsearchpro.min.jx). If I use "exit()", "die()" or "wp_safe_redirect()", the code does not do that and the query is still executed.
I am attaching a Word file with some screens of the code and the results from execution. I'm using a development server.
We need the CSRF protection, could you please send me information about how to implement this protection?
Thanks in advance.
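For reference, here is how the nonce-in-form plus verify-before-query pattern the question describes looks in a self-contained WordPress plugin. This is an added example, not code from Ajax Search Pro or from the poster; the action name `my_search_action`, the field name `my_search_nonce`, the AJAX action `my_search` and the handler function are assumptions chosen for the example.

```php
<?php
/**
 * Added example (not Ajax Search Pro code): a minimal WordPress plugin that
 * puts a nonce in a search form and verifies it in the AJAX handler before
 * any query runs. Action names, field names and the handler function are
 * assumptions chosen for this example.
 */

// Render the form. wp_nonce_field() emits a hidden input with the nonce
// (name "my_search_nonce") and, by default, a hidden _wp_http_referer input.
function my_search_form_html() {
    ob_start();
    ?>
    <form class="my-search" method="post" action="<?php echo esc_url( admin_url( 'admin-ajax.php' ) ); ?>">
        <input type="hidden" name="action" value="my_search">
        <?php wp_nonce_field( 'my_search_action', 'my_search_nonce' ); ?>
        <input type="text" name="s" placeholder="Search">
        <button type="submit">Search</button>
    </form>
    <?php
    return ob_get_clean();
}
add_shortcode( 'my_search', 'my_search_form_html' );

// AJAX handler, registered for both logged-in and anonymous requests.
function my_search_handler() {
    // Verify first; bail out before anything touches the database.
    $nonce = isset( $_POST['my_search_nonce'] )
        ? sanitize_text_field( wp_unslash( $_POST['my_search_nonce'] ) )
        : '';
    if ( ! wp_verify_nonce( $nonce, 'my_search_action' ) ) {
        // wp_send_json_error() writes the JSON body and then calls wp_die(),
        // which is how a WordPress AJAX request is terminated. A bare exit()
        // or die() placed after the query has run, or inside a helper whose
        // return value the caller ignores, stops nothing.
        wp_send_json_error( array( 'message' => 'Invalid or expired security token.' ), 403 );
    }

    // Equivalent one-liner: check_ajax_referer( 'my_search_action', 'my_search_nonce' )
    // dies on failure unless its third argument is false.

    $term  = isset( $_POST['s'] ) ? sanitize_text_field( wp_unslash( $_POST['s'] ) ) : '';
    $query = new WP_Query( array(
        's'              => $term,
        'post_status'    => 'publish',
        'posts_per_page' => 10,
    ) );

    $results = array();
    foreach ( $query->posts as $post ) {
        $results[] = array(
            'title' => get_the_title( $post ),
            'url'   => get_permalink( $post ),
        );
    }
    wp_send_json_success( $results );
}
add_action( 'wp_ajax_my_search', 'my_search_handler' );
add_action( 'wp_ajax_nopriv_my_search', 'my_search_handler' );
```

Two things to check when wiring this into an existing plugin. First, the nonce has to actually travel with the AJAX request: a hidden field in the form only helps if the JavaScript that builds the POST body serializes it (a script that assembles its own parameter list will silently drop it). Second, the verification must sit at the top of the handler and end the request with wp_die() or one of the wp_send_json_* helpers; placing it after the query, or calling exit() from a function whose caller has already started work, gives the behaviour the question describes. One caveat that applies to public search forms: for visitors who are not logged in, WordPress derives the nonce from user ID 0 with no session token, so every anonymous visitor receives the same nonce within a 12-hour tick. That bounds how long a captured token is usable, but it does not tie a request to a particular visitor the way a per-session nonce does for logged-in users.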
September 16, 2020 at 8:54 am #29389
Ernest Marcinko (Keymaster)

Hi,
If you maintain all of your plugins at the latest version, you should be perfectly safe from CSRF or any other attacks. For a CSRF query to execute, there must be a vulnerability, and I don't see how using the search request could be used for that. Every aspect of the query, the arguments, everything is validated multiple times; currently we are not aware of any CSRF related issues with the search. There is no difference in how the query is executed for privileged and non-privileged users, so there is basically no ground for a CSRF attack.
Even if you were to add a nonce to the ajax request (which I don't recommend, because for each query it has to be regenerated on the fly, which basically makes it useless, as an attacker can easily bypass that), all of the site back-end still needs to get protection. In CSRF attacks, the attacker tricks a privileged user (like an admin) into clicking a link or submitting a form to execute a query on the back-end, and it is much more likely that an attack will be aimed at your site back-end with a request to a vulnerable file.
Instead of altering everything in the core files on your whole site, I would rather suggest using a plugin like WordFence or a firewall that detects suspicious and known vulnerability attacks and blocks them before they reach execution. It is much more secure, and does not require core file modifications.