Php Csrf Audit Unprotected Action
Description
Detects Cross-Site Request Forgery (CSRF) vulnerabilities in WordPress code where AJAX actions lack proper protection. This occurs when the result of check_ajax_referer() is not enforced to block unauthorized requests (for example, the call is made with die=false and its return value is ignored), so requests with a missing or invalid nonce are still processed, allowing potential CSRF attacks.
Detection Strategy
• Identifies function calls to check_ajax_referer() in WordPress code
• Verifies that the nonce check result is used to control execution flow
• Confirms the nonce verification occurs before processing the AJAX action
• Reports a vulnerability if the CSRF protection can be bypassed or is incorrectly implemented
• Examines the code structure to ensure unauthorized requests are blocked when verification fails
Vulnerable code example
<?php
add_action('wp_ajax_process_data', 'process_data_callback');
function process_data_callback() {
    // Vulnerable: passing die=false makes check_ajax_referer() return instead
    // of terminating the request, and its return value is never checked, so
    // execution continues even when the nonce is missing or invalid
    check_ajax_referer('data-nonce', 'security', false);
    // Process potentially unauthorized request...
}
✅ Secure code example
<?php
add_action('wp_ajax_process_data', 'process_data_callback');
function process_data_callback() {
    // Safe: with the default die=true, check_ajax_referer() terminates the
    // request (wp_die) when the nonce check fails, so the code below only
    // runs for requests carrying a valid nonce
    check_ajax_referer('data-nonce', 'security');
    // Sanitize inputs before processing...
}
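The defect above can also be fixed while keeping die=false, provided the return value of check_ajax_referer() decides the control flow; the following is an added example (not code from the page or from WordPress) showing that pattern together with the capability check and input sanitization a nonce alone does not provide. The hook and nonce names come from the page; the 'edit_posts' capability and the 'payload' request field are assumptions.

```php
<?php
// Added example, not part of the original page. Assumes it runs inside
// WordPress (plugin or theme), where the WP functions used here are defined.

// Nonce handed to the browser (e.g. through wp_localize_script()); the client
// must send it back in the 'security' request field.
function process_data_nonce_for_client() {
    return wp_create_nonce('data-nonce');
}

add_action('wp_ajax_process_data', 'process_data_callback');

function process_data_callback() {
    // With die=false the function returns false instead of terminating the
    // request, so its result MUST gate everything that follows. False means
    // the nonce is missing, expired, or was issued for another user/action.
    $nonce_ok = check_ajax_referer('data-nonce', 'security', false);
    if (!$nonce_ok) {
        wp_send_json_error(array('message' => 'Invalid or missing nonce.'), 403);
        return; // wp_send_json_error() already calls wp_die(); defensive only
    }

    // A valid nonce proves the request originated from a page rendered for this
    // user, not that the user is allowed to perform the action: check
    // authorization separately ('edit_posts' is an assumed capability).
    if (!current_user_can('edit_posts')) {
        wp_send_json_error(array('message' => 'Insufficient permissions.'), 403);
        return;
    }

    // Only now read and sanitize the input ('payload' is an assumed field).
    $payload = isset($_POST['payload'])
        ? sanitize_text_field(wp_unslash($_POST['payload']))
        : '';
    if ($payload === '') {
        wp_send_json_error(array('message' => 'Missing payload.'), 400);
        return;
    }

    // ... perform the state-changing work with $payload here ...

    wp_send_json_success(array('processed' => $payload));
}
```

For logged-out users the handler would also need the wp_ajax_nopriv_ variant of the hook; the nonce and capability checks apply the same way.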