Ask your WordPress questions! Pay money and get answers fast! Comodo Trusted Site Seal
Official PayPal Seal

Advice needed on cross scripting vulnerability WordPress

  • SOLVED

A few months before i did a tutorial "jquery contact form" for my blog and many peoples using that saying thanks and questions on that tutorial. Recently i received a comment stating that the form has cross scripting vulnerability by having regex expression. You can see that here http://goo.gl/YeOed and check the last comment. But i am not having regex in javascript or i am not displaying directly the user inputs.
The only thing i having in mind to change in code is $_REQUEST to $_POST because $_REQUEST will accept both get and post requests.

However, i need your advice on removing any such insecure codes from my form to let peoples use that without doubt.

Answers (2)

2011-11-23

Luis Cordova answers:

i would use CSRF, hope that helps


Kannan C comments:

Hi Luis Cordova, Thanks for the reply. I am already using Nmap but it is not mentioning any error.

2011-11-23

Julio Potier answers:

Hello

I'm Julio and i'm Web Security Consultant. I audited your code and your script is not vulnerable to any XSS flaw, not even another flaw.
It is vulnerable to CSRF but we never fix a CSRF on a contact form, instead we use captchas.

See you !


Kannan C comments:

Hi Julio, Thank you very much for analyzing my code. Good Day!